TCPware V5.8 NETCU Command Reference




Chapter 2

NETCU Commands

This chapter contains a detailed description of each NETCU command. The commands are in alphabetical order.

The commands are summarized by category in Chapter 1. That chapter also describes how to run NETCU and how to send NETCU output to a file.

The descriptions include the command:

Purpose and any suggestions or restrictions that apply

Format

Parameters (if any)

Qualifiers (if any)

Examples, when possible

ADD ACCESS_LIST

Controls incoming access restrictions for a remote host. Incoming access restrictions affect only TCP connections for servers the master server process starts. Requires OPER privilege.

Define a service using the ADD SERVICE or MODIFY SERVICE command with the /ACCESS_LIST qualifier that points to the appropriate list number. The access list should be defined in SERVERS.COM.

Format

ADD ACCESS_LIST list condition ia [mask]

Parameters

list

Number of the incoming access restrictions list (1 to 65535).

condition

Condition of permitting or denying access. Valid keywords are PERMIT and DENY.

Any host you enter on the PERMIT list can access services. TCPware denies services to all other hosts. Use the DENY parameter when:

You grant a network or group of hosts access to services, and

You want to deny one or more hosts within the network or group from access to services

TCPware places (and honors) DENY entries before PERMIT entries except when there are duplicate host or network entries with a PERMIT that has a more restrictive mask, in which case the PERMIT entry comes first.

ia

Internet address of the network or host you enter on the list.

mask

Internet address mask. Specifies which bits are used when matching hosts against the incoming access list. TCPware uses the bits set when matching hosts against the ia. If you omit mask and the host portion of the ia is 0, TCPware uses the network or subnet mask. If the host portion is not 0, TCPware uses 255.255.255.255, where it matches the entire Internet address against ia.

Qualifier

/MESSAGE="text"

Text message sent over the connection when TCPware denies access. Place the text in quotation marks (" "). Define one message for each incoming access list. If a message previously exists, the new text replaces it.

The message you define affects all hosts to which the specified list denies access. If omitted, TCPware closes the connection if the list denies the host access.

Table 2-1 lists special characters you can use that have special meaning in the message.

Table 2-1 Special Characters

Use this character...    In place of this character...
---------------------    -----------------------------
\\                       \
\r                       carriage return
\n                       line feed
\t                       tab
\0                       NULL

Examples

1 Denies host 192.168.95.6 access to the server associated with list 56. Any host denied access by list 56 receives the message

550 You are not authorized to gain access to this host.

followed by a line feed and carriage return.

ADD ACCESS_LIST 56 DENY 192.168.95.6 /MESSAGE="550 You are not authorized to gain access to this host.\n\r"

2 Permits hosts on network 192.168.95.0 access to the server associated with list 56.

ADD ACCESS_LIST 56 PERMIT 192.168.95.0

3 Permits all hosts on network 172.16 access to the server associated with list 1203.

ADD ACCESS_LIST 1203 PERMIT 172.16.0.0 255.255.0.0
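The matching rules above (default mask, DENY honored before PERMIT, unlisted hosts denied) can be modeled to check what a list admits before it goes into SERVERS.COM. This is an added example, not TCPware code; it assumes the classful mask where the page says "network or subnet mask", and it flags, rather than models, the duplicate-entry ordering exception.

```python
import re
from ipaddress import IPv4Address

# Documented form: ADD ACCESS_LIST list condition ia [mask]
CMD = re.compile(
    r"ADD\s+ACCESS_LIST\s+(\d+)\s+(PERMIT|DENY)\s+(\d+(?:\.\d+){3})"
    r"(?:\s+(\d+(?:\.\d+){3}))?",
    re.IGNORECASE,
)


def classful_mask(addr):
    """Assumption: without interface data, the network mask is the classful one."""
    first = addr >> 24
    if first < 128:
        return 0xFF000000
    if first < 192:
        return 0xFFFF0000
    return 0xFFFFFF00


def default_mask(ia):
    """Omitted mask: network mask if the host portion is 0, else 255.255.255.255."""
    net = classful_mask(ia)
    return net if (ia & ~net & 0xFFFFFFFF) == 0 else 0xFFFFFFFF


def parse(lines):
    """Return {list_number: [(condition, ia, mask), ...]} from command text."""
    lists = {}
    for line in lines:
        m = CMD.search(line)
        if not m:
            continue
        number, cond, ia, mask = m.groups()
        ia_int = int(IPv4Address(ia))
        mask_int = int(IPv4Address(mask)) if mask else default_mask(ia_int)
        lists.setdefault(int(number), []).append((cond.upper(), ia_int, mask_int))
    return lists


def evaluate(entries, host):
    """DENY entries are checked before PERMIT entries; a host on neither is denied.

    An empty entry list therefore denies every host.
    """
    h = int(IPv4Address(host))
    for wanted in ("DENY", "PERMIT"):
        for cond, ia, mask in entries:
            if cond == wanted and (h & mask) == (ia & mask):
                return cond
    return "DENY"


def needs_review(entries):
    """Addresses entered under both conditions: the documented ordering exception
    for duplicate entries may apply, so check these by hand."""
    denied = {ia for cond, ia, _ in entries if cond == "DENY"}
    return sorted(
        str(IPv4Address(ia)) for cond, ia, _ in entries
        if cond == "PERMIT" and ia in denied
    )


# The three commands from the examples above.
PAGE_COMMANDS = [
    r'ADD ACCESS_LIST 56 DENY 192.168.95.6 /MESSAGE="550 You are not authorized to gain access to this host.\n\r"',
    "ADD ACCESS_LIST 56 PERMIT 192.168.95.0",
    "ADD ACCESS_LIST 1203 PERMIT 172.16.0.0 255.255.0.0",
]
LISTS = parse(PAGE_COMMANDS)

if __name__ == "__main__":
    for host in ("192.168.95.6", "192.168.95.7", "192.168.96.7"):
        print(56, host, evaluate(LISTS[56], host))
    print(1203, "172.16.200.1", evaluate(LISTS[1203], "172.16.200.1"))
```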

ADD ACE_USER

Token Authentication only.

Adds a username to the TCPware ACE/Client user database (the TCPWARE:ACECLIENT_USER.DAT file). The ACE/Client authenticates the user if there is an entry in the database. You can only add one username with each command. Requires SYSPRV or BYPASS privilege.

To show the usernames added, use the SHOW ACE_USER command. To remove a username, use the REMOVE ACE_USER command. To create a new database and preserve the existing one under a new name, use the CREATE ACE_USER_DATABASE command.

Format

ADD ACE_USER username

Parameter

username

Name of the user to add to the ACE/Client database.

Example

Shows a sequence of adding new users to the TCPware ACE/Client user database and showing the results, showing the database file created, removing a user and showing the results, and creating a new database.

NETCU> ADD ACE_USER DIAMONDS
NETCU> ADD ACE_USER HEARTS
NETCU> ADD ACE_USER CLUBS
NETCU> ADD ACE_USER SPADES
NETCU> SHOW ACE_USER
TCPware ACE/Client Username Database

Username

CLUBS
DIAMONDS
HEARTS
SPADES

NETCU> ADD ACE_USER JOKER
NETCU> SHOW ACE_USER
TCPware ACE/Client Username Database

Username

CLUBS
DIAMONDS
HEARTS
JOKER
SPADES

NETCU> SPAWN DIR ACECLIENT_USER*

Directory SYS$COMMON:[TCPWARE]

ACECLIENT_USER.DAT;1

NETCU> REMOVE ACE_USER JOKER
NETCU> SHOW ACE_USER
TCPware ACE/Client Username Database

Username

CLUBS
DIAMONDS
HEARTS
SPADES

NETCU> CREATE ACE_USER_DATABASE
NETCU> SPAWN DIR ACECLIENT_USER*

Directory SYS$COMMON:[TCPWARE]

ACECLIENT_USER.DAT;1 ACECLIENT_USER_OLD.DAT;1

ADD ARP

Adds an entry to an Address Resolution Protocol (ARP) table. Each ARP table entry consists of an internet address paired with a physical address. Requires OPER privilege.

Note! You do not need to use this command under normal circumstances. ARP maps internet addresses to physical addresses automatically. Use this command in rare instances when a particular host does not support ARP.

Format

ADD ARP destination-ia physical-address

Synonym

SET ARP destination-ia physical-address

Parameters

destination-ia

Internet address or host name of the ARP table entry.

physical-address

Ethernet, FDDI, or HYPERchannel address of the host specified by the destination-ia.

The standard physical address is in the format aa-bb-cc-dd-ee-ff, where for HYPERchannel physical addresses:

aa    is the global network address domain
bb    is the global network address network
cc    is the physical unit
dd    is the logical unit
ee    is the trunks-to-try mask
ff    is the flags mask

If ee-ff is 00-00, the value becomes FF-00.

If you do not specify an ARP server address when configuring the HYPERchannel line (HYP-n) and use the ADD ARP command to populate the ARP Table, a TCPware host can act as an ARP server. A TCPware host responds to ARP requests it receives for addresses in the ARP table that you add using the /PUBLISH qualifier.

Qualifiers

/LINE=line

Line id of the ARP table where you want NETCU to place the entry. When not specified, NETCU determines the ARP table on the basis of the internet address.

You must specify the /LINE qualifier when the internet address is not a local address.

/LOCK

Prevents ARP messages from changing the value of the physical address.

/PERMANENT

Makes the entry permanent in the ARP table. Without /PERMANENT, the entry may disappear from the ARP table if:

The host does not receive a datagram within 10 minutes that has the destination-internet-address/physical-address pair

The ARP table is full and the entry is the oldest entry in the table

If you enable Reverse Address Resolution Protocol (RARP) support for an Ethernet or FDDI line, TCPware only responds to RARP requests for entries marked /PERMANENT.

/PUBLISH

The local host responds to ARP requests for the specified internet address.

Example

Places an entry in the ARP table for line QNA-0 (/LINE=QNA-0) that defines the Ethernet address for host ALPHA. This entry is permanent (/PERMANENT).

ADD ARP ALPHA AA-02-04-06-08-10/PERMANENT/LINE=QNA-0

ADD EXPORT

NFS Server only.

Adds an entry to the EXPORT database that lets the NFS server export the server filesystems to a remote NFS client. Users at the NFS-Client can then mount the server filesystems. Requires write access to the TCPWARE:NFS_EXPORT.DAT file. The EXPORT database is dynamic. Entries you add to the database become valid immediately. You do not need to restart the server.

If you are adding entries to the EXPORT database for the first time, read the EXPORT Database section in Chapter 14 of the TCPware for OpenVMS Management Guide.

Format

ADD EXPORT "nfs-path" vms-directory

Parameters

"nfs-path"

NFS-style pathname used to reference the exported directory. Typically expressed as a UNIX-style pathname. Enclose in quotation marks (" ").

Although nfs-path can be arbitrary, it usually reflects the actual OpenVMS directory path. The NFS client user must refer to the same nfs-path in naming the mount point.

vms-directory

Directory on the local OpenVMS server that you want to export. The directory must include the device specification, as in the following example:

$DISK1:[SALES.RECORDS]

When you export a directory, the NFS client user can potentially have access to all files and directories below the export point. The device you export should be a "public" device. The Server does not implement volume protection. Also, the Server only supports Files-11 ODS-2 structure level disks.

Qualifiers

Note! Many of the following qualifiers are specific to applications running on certain hosts. In these cases, it is critical to use the /HOST qualifier in combination with these qualifiers.

/HOST=(host[,host...])

Only specified host(s) can have access to the exported OpenVMS directory. NETCU allows either host names or internet addresses. Use the parentheses only if you specify a list of hosts (separated by commas). If you omit /HOST, any host can mount the exported directory.

/CONVERT={STREAM_LF (default) | STREAM_CRLF}
/NOCONVERT (for use with TCPware’s NFS Client)

/CONVERT converts files on reads to either STREAM_LF (the default) for UNIX systems or STREAM_CRLF for PC systems.
/NOCONVERT disables this conversion and must be specified when using the Server together with TCPware’s NFS-OpenVMS Client.

/EXPLICIT_MOUNT
/NOEXPLICIT_MOUNT (default)

/EXPLICIT_MOUNT prevents users from subsequently mounting subdirectories of the mount point.
/NOEXPLICIT_MOUNT allows subdirectory mounts.

/FILENAME={ SRI (default) | PATHWORKS | PATHWORKS_CASE }

Uses the SRI International or PATHWORKS filename mapping schemes.
SRI is the default scheme between UNIX and OpenVMS systems.
PATHWORKS specifies non-case-sensitive filename mapping.
PATHWORKS_CASE specifies case-sensitive filename mapping.

/HIGHEST_VERSION
/NOHIGHEST_VERSION (default)

/HIGHEST_VERSION returns only the highest version of files in directory requests. /NOHIGHEST_VERSION does not. All file versions still exist in either case.

/PRIVILEGED_PORT
/NOPRIVILEGED_PORT (default)

/PRIVILEGED_PORT requests that incoming requests originate from privileged ports only. /NOPRIVILEGED_PORT does not.

/PROXY_CHECK
/NOPROXY_CHECK (default)

/PROXY_CHECK specifies that mount requests only originate from users having mappings in the PROXY database.
/NOPROXY_CHECK does not.

/RFM=option

Record format (RFM) of newly created files. The options are STREAMLF, STREAMCR, STREAM, FIXED, and UNDEFINED.

/SERVER_ACCESS
/NOSERVER_ACCESS (default)

/SERVER_ACCESS requests the server to do access checking.
/NOSERVER_ACCESS requests that both the server and client do the checking.

/SUPERUSER_MOUNT
/NOSUPERUSER_MOUNT (default)

/SUPERUSER_MOUNT requests that only the superuser can mount a file system. /NOSUPERUSER_MOUNT does not.

/VERSION={ DOT | SEMICOLON (default) | ALL | HIGHEST }

DOT changes the file version display for exported filesystems to file.ext.version (a dot) for UNIX compatibility instead of the usual file.extension;version (a semicolon).
SEMICOLON (default) uses the regular semicolon.
ALL exports files with version numbers intact rather than the default of leaving the highest numbered version unnumbered.
HIGHEST is a synonym for /HIGHEST_VERSION. Do not use DOT with SEMICOLON.

/WRITE (default)
/NOWRITE

/WRITE requests that the client have read-write access to the filesystem.
/NOWRITE requests that the client have read access only.

Example

Exports the directory SALES.RECORDS on device $DISK1: as path /vax/records to hosts ORCHID and ROSE. Any subdirectories below SALES.RECORDS are also accessible. However, hosts ORCHID and ROSE cannot have access to or mount directories above SALES.RECORDS or other SALES subdirectories.

ADD EXPORT "/vax/records" $DISK1:[SALES.RECORDS] /HOST=(ORCHID,ROSE)

ADD GROUP

NFS Client only.

Adds an entry to the GROUPNO TAG database that associates an OpenVMS user with an NFS group or list of groups. Requires SYSPRV privilege and write access to the TCPWARE:GROUP.DAT file.

If the GROUP database does not exist, use the CREATE GROUP command first to create an empty one. Use the REMOVE GROUP command to remove a group from the database.

Note! The GROUP database is static. Use the RELOAD GROUP command when you modify it.

Format

ADD GROUP nfs-group vms-identifier

Parameters

nfs-group

NFS group number found in the /etc/group file on the server. For example, if the users group appears in the /etc/group file as:

users:*:15:

use 15 as the nfs-group.

vms-identifier

Associates either an OpenVMS rights identifier or UIC (or wildcarded UIC) with the NFS group. Only associate one vms-identifier per NFS group. Use either of the following formats to enter the value:

Format     Description
------     -----------
"Name"     OpenVMS rights identifier or username
"Value"    UIC value in [group,member] or %Xnnnnnnnn format; you can use wildcard entries such as [200,*].

"Name" and "value" correspond to the columns associated with entries in the OpenVMS rights database. To have access to this database, use the commands:

$ SET DEFAULT SYS$SYSTEM
$ RUN AUTHORIZE
UAF> SHOW/IDENTIFIER *

For example, the following line may appear in the rights database:

Name     Value              Attributes
-----    -----              ----------
USER     [000200,000200]

Qualifier

/HOST=(host[,host...])

Server host(s) on which the group identification is valid. If omitted, any remote host is valid for the group. /HOST accepts either host names or internet addresses. Use the parentheses with multiple host entries.

Examples

1 Associates NFS group number 15 on server host IRIS with the "value" [200,*], meaning "any user in group 200."

ADD GROUP /HOST=IRIS
_Group: 15
_Identifier: [200,*]

The nfs-group number derives from the entry in the /etc/group file on the server for the users group:

> cat /etc/group
staff:*:10:
users:*:15:

2 Associates NFS group number 15 with the OpenVMS rights identifier, USERS. As in Example 1, the nfs-group number derives from the entry in the /etc/group file on the server. Assuming that the USERS rights identifier exists in the rights database, any user granted this identifier would be in the group corresponding to GID 15 in NFS.

ADD GROUP 15 USERS

The resulting ADD GROUP entry would appear in the GROUP database as follows:

NFS GROUP Database V5.8 Copyright (c) 2007 Process Software
Group    Name     Value         Host(s)
-----    ----     -----         ------
15       USERS    %X8001000C

ADD KACL

Used by the Kerberos master administrator. Adds a Kerberos access control list (KACL) entry for access from a remote host to the Kerberos database using the Kerberos Administration Server. This ACL entry allows the Kerberos administrator to add (using ADD KERBEROS USER), modify (using MODIFY KERBEROS USER), or view (using SHOW KERBEROS USER) users’ entries in the Kerberos database.

This command may only be executed if the local host is configured as a Kerberos Server. Requires OPER or SYSPRV privilege and entry of the Kerberos master password.

Format

ADD KACL access-type admin-username instance [realm]

Enter Kerberos master password: master-password
Verifying, please re-enter: master-password

Parameters

access-type

One of the following ACL access types:

Access type    Description
-----------    -----------
ADD            Kerberos administrator can add to the Kerberos database from a remote host (TCPware adds the username to the TCPWARE:ADMIN_ACL.ADD file)
MODIFY         Kerberos administrator can modify the Kerberos database from a remote host (TCPware adds the username to the TCPWARE:ADMIN_ACL.MOD file)
SHOW           Kerberos administrator can show entries in the Kerberos database from a remote host (TCPware adds the username to the TCPWARE:ADMIN_ACL.GET file)

admin-username

Kerberos administrator’s username to add to the Kerberos database. Converted to lowercase unless you enclose it in quotes. The Kerberos administrator entered must also have an administrator’s entry in the Kerberos database (see ADD KDB for details).

instance

Value should be admin since the username is for a Kerberos administration user.

realm

Alternate Kerberos realm to use instead of the TCPWARE_KERBV4_REALM logical value. Converted to lowercase unless you enclose it in double quotes.

master-password

Kerberos password used for access to the Kerberos database. Converted to lowercase unless you enclose it in double quotes.

Qualifiers

/PROMPT (default)
/NOPROMPT

Specifies whether the system should prompt you for the master password. /NOPROMPT reads the master password from the file created by STASH MASTER_PASSWORD.

Examples

The three commands combined add KACLs for administrator account persephone to add, modify, and show entries, respectively, in the Kerberos database. The last command (with /NOPROMPT) does not prompt for the master password but rather causes it to be read from the file created by STASH MASTER_PASSWORD.

ADD KACL ADD PERSEPHONE ADMIN HADES.COM
Enter Kerberos master password:
Verifying, please re-enter:
ADD KACL MODIFY PERSEPHONE ADMIN HADES.COM
Enter Kerberos master password:
Verifying, please re-enter:
ADD KACL SHOW PERSEPHONE ADMIN HADES.COM /NOPROMPT

ADD KDB

Used by the Kerberos master administrator. Adds an entry to the Kerberos database after the database was created (using CREATE KDB) and the master password stashed (using STASH MASTER_PASSWORD).

This command can only be executed if the local host is configured as a Kerberos Server. Requires OPER or SYSPRV privilege and entry of the Kerberos master password.

Format

ADD KDB principal password [instance]

Enter Kerberos master password: master-password
Verifying, please re-enter: master-password

Parameters

principal

Kerberos user’s login name, or name of the Kerberos application service provided. Converted to lowercase unless you enclose it in double quotes.

password

Kerberos user’s, administrator’s, or application service’s password. Specify "NULL" for a null password (not recommended, but allowed), or "RANDOM" to have a randomly generated password selected (recommended only for application services, not users or administrators). Converted to lowercase unless you enclose it in double quotes.

instance

Usually omitted for a general Kerberos user; admin for an administrative user; or name of the machine on which the Kerberos application resides for an application service. Converted to lowercase unless you enclose it in double quotes.

master-password

Kerberos password used for access to the Kerberos database. Converted to lowercase unless you enclose it in double quotes. Use the /NOPROMPT qualifier if you do not want to be prompted for the password and want it read from TCPWARE:KSTASH.KEY file instead.

Qualifiers

/ATTRIBUTE=attribute

Attribute number from 0 to 65535. The default is 0.

/EXP_DATE=date

Expiration date of the KDB entry. The default is 31-DEC-2099 23:59.

/KDBFILE=file

Name of the KDB file. The default is TCPWARE:PRINCIPAL.OK.

/MAX_LIFE=minutes

Maximum lifetime of the KDB entry, in minutes. The default is 255 minutes.

/PROMPT (default)
/NOPROMPT

Specifies whether TCPware prompts you for the master password.
/NOPROMPT reads the master password from the file created by the STASH MASTER_PASSWORD command.

Examples

1 Creates an entry for username hermes, which has the Kerberos password herald. This entry will be used to grant username hermes a ticket-granting ticket from any remote host.

ADD KDB HERMES HERALD
Enter Kerberos master password:
Verifying, please re-enter:

2 Creates an entry for username zeus, who has a Kerberos password of olympus. This entry only grants username zeus a ticket-granting ticket from remote host athens (zeus must be on athens to get a TGT).

ADD KDB ZEUS OLYMPUS ATHENS
Enter Kerberos master password:
Verifying, please re-enter:

3 Creates an entry for the Berkeley R services on remote host bart. The "rcmd" is the name of the Kerberos application service provided on remote host bart.

ADD KDB "rcmd" "RANDOM" BART
Enter Kerberos master password:
Verifying, please re-enter:

4 Creates a Kerberos Administrator account for principal persephone, which has the Kerberos Administrator password spring, and an instance of admin. In this case, admin does not indicate the name of the machine from which persephone can access the Kerberos database; rather, it indicates that persephone is a Kerberos Administrator who can access the database from any remote host.

ADD KDB PERSEPHONE SPRING ADMIN
Enter Kerberos master password:
Verifying, please re-enter:

ADD KERBEROS USER

For Kerberos client administrators. Adds a user to the Kerberos Server database. The default Kerberos administrator account name is the name of the OpenVMS account using this command. Requires OPER or SYSPRV privilege and entry of the Kerberos administrator’s password.

Format

ADD KERBEROS USER username user-password

Administrator password for admin-account: admin-password

Parameters

username

Kerberos user’s login name. Converted to lowercase unless you enclose it in quotes.

user-password

Kerberos user’s password. Converted to lowercase unless you enclose it in quotes.

admin-password

Kerberos administrator’s password. Converted to lowercase unless you enclose it in quotes.

Qualifier

/ADMINISTRATOR=admin-username

Alternate Kerberos administrator name. Converted to lowercase unless you enclose it in quotes. The default is the current OpenVMS account name, in lowercase.

Example

Adds a new Kerberos user, achilles, to the Kerberos database. The password for user achilles is running.

ADD KERBEROS USER ACHILLES RUNNING /ADMIN=PERSEPHONE
Administrator password for ‘persephone’:

ADD MULTICAST_GROUP

Adds a multicast host group address to the table of joined addresses for the interface or all interfaces. Once you add a multicast group address to an interface, applications can receive datagrams sent to that address. Requires OPER privilege.

Format

ADD MULTICAST_GROUP internet-address

Parameter

internet-address

Internet address or host name of the multicast host group address.

Qualifier

/LINE=line-id

Line ID of the interface on which to add the address. If omitted, TCPware adds the address to all active interfaces.

Example

Adds the all-routers multicast address (224.0.0.2) to all active interfaces. Once added, applications receive datagrams sent to the multicast address.

ADD MULTICAST_GROUP 224.0.0.2

ADD PROXY

NFS Client and NFS Server.

Registers an NFS or remote user as an OpenVMS username in the PROXY database. Requires SYSPRV privilege and write access to the TCPWARE:NFS_PROXY.DAT file.

Note! If you omit the /CLIENT or /SERVER qualifier, or do not define the TCPWARE_NFS_DYNAMIC_PROXY logical accordingly, you must use the RELOAD PROXY command to reload the database. (For details, see Reloading the PROXY Database in Chapter 14 of the TCPware for OpenVMS Management Guide.)

Format

ADD PROXY vms-username

Parameter

vms-username (required)

OpenVMS username to which you want to map an NFS userid. The username must appear as in the OpenVMS User Access File (SYSUAF.DAT).

Qualifiers

The /HOST, /UID, /GID, or /NFS qualifiers make the PROXY entry more restrictive. When you omit a qualifier, NFS-OpenVMS interprets it as a wildcard. For example, the command ADD PROXY SMITH/UID=210 creates an entry that lets a user with UID=210, but with any GID and from any host, use OpenVMS username SMITH.

/HOST=(host[,host...])

Host(s) from which the UID/GID identification is valid. Specify at least one host name. If omitted, NETCU allows any remote host with the matching identification.

/HOST accepts either host names or internet addresses. Use parentheses for multiple hosts.

/UID=uid

User’s ID (UID). If omitted, NETCU accepts any UID for the vms-username.

/GID=gid

User’s group ID (GID). If omitted, NETCU accepts any GID for the vms-username.

/CLIENT
/NOCLIENT (default)

/CLIENT notifies the Client to immediately update its loaded PROXY database with an entry for vms-username.
/NOCLIENT does not notify the Client. This overrides any default action specified using the TCPWARE_NFS_DYNAMIC_PROXY logical.

/SERVER
/NOSERVER (default)

/SERVER notifies the Server to immediately update its loaded PROXY database with an entry for vms-username.
/NOSERVER does not notify the Server. This overrides any default action specified using the TCPWARE_NFS_DYNAMIC_PROXY logical.

Examples

The following examples range from most restrictive to least restrictive:

1 Registers a user with UID=210 and GID=5 at host ROSE to OpenVMS username SMITH for the NFS Server only.

ADD PROXY SMITH /UID=210 /GID=5 /HOST=ROSE /SERVER

2 Registers a user with UID=210 and GID=5 to OpenVMS username SMITH and dynamically reloads the PROXY database on both the Client and Server.

ADD PROXY SMITH /UID=210 /GID=5 /CLIENT /SERVER

3 Registers any user with GID=5, any UID, and at any host to OpenVMS username JONES.

ADD PROXY JONES /GID=5

4 Registers any user from host ORCHID to OpenVMS username JONES.

ADD PROXY JONES /HOST=ORCHID
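An added audit sketch (not part of TCPware) for the ADD EXPORT and ADD PROXY qualifiers described above: it reports which restricting qualifiers a command omits, with the effect this page documents for the omission. The qualifier parser and the four-character abbreviation rule are assumptions of this example, and the hardened export command is constructed.

```python
import re

# /NAME, /NAME=value or /NAME=(a,b)
QUAL = re.compile(r"/(\w+)(?:=(\([^)]*\)|[^\s/]+))?")

# (restricting qualifier, documented effect of leaving it out)
EXPORT_CHECKS = [
    ("HOST", "any host can mount the exported directory"),
    ("NOWRITE", "client has read-write access (/WRITE is the default)"),
    ("PRIVILEGED_PORT", "requests need not originate from privileged ports"),
    ("PROXY_CHECK", "mount requests are not limited to users in the PROXY database"),
    ("EXPLICIT_MOUNT", "subdirectories of the mount point can be mounted"),
    ("SUPERUSER_MOUNT", "mounting is not limited to the superuser"),
]
PROXY_CHECKS = [
    ("HOST", "any remote host with the matching identification is allowed"),
    ("UID", "any UID is accepted for the vms-username"),
    ("GID", "any GID is accepted for the vms-username"),
]


def qualifiers(command):
    """Return {NAME: value or True} for each /QUALIFIER in a NETCU command."""
    # Blank out quoted strings first: "/vax/records" is a path, not qualifiers.
    unquoted = re.sub(r'"[^"]*"', '""', command)
    return {m.group(1).upper(): (m.group(2) or True)
            for m in QUAL.finditer(unquoted)}


def given(quals, name):
    """Value of a qualifier, accepting abbreviations of four or more characters
    (assumption of this example)."""
    for key, value in quals.items():
        if key == name or (len(key) >= 4 and name.startswith(key)):
            return value
    return None


def lint(command):
    """List (qualifier, effect) pairs for restrictions the command leaves open."""
    kind = re.search(r"\bADD\s+(EXPORT|PROXY)\b", command, re.IGNORECASE)
    if not kind:
        return []
    checks = EXPORT_CHECKS if kind.group(1).upper() == "EXPORT" else PROXY_CHECKS
    quals = qualifiers(command)
    return [(name, effect) for name, effect in checks
            if given(quals, name) is None]


# First command is the page's ADD EXPORT example; the second is constructed.
PAGE_EXPORT = 'ADD EXPORT "/vax/records" $DISK1:[SALES.RECORDS] /HOST=(ORCHID,ROSE)'
HARDENED_EXPORT = (PAGE_EXPORT + " /NOWRITE /PRIV /PROXY_CHECK"
                   " /EXPLICIT_MOUNT /SUPERUSER_MOUNT")

if __name__ == "__main__":
    for cmd in (PAGE_EXPORT, HARDENED_EXPORT, "ADD PROXY JONES /GID=5",
                "ADD PROXY SMITH /UID=210 /GID=5 /HOST=ROSE /SERVER"):
        print(cmd)
        for name, effect in lint(cmd):
            print(f"    /{name} omitted: {effect}")
```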

ADD ROUTE

Adds an entry to the routing table. Requires OPER privilege. (See also REMOVE ROUTE.)

Format

ADD ROUTE destination-ia {line | gateway-ia}

Synonym

SET ROUTE destination-ia {line | gateway-ia}

Parameters

destination-ia

Internet address or host name of the destination host or network. Specify 0.0.0.0 to add a default gateway or use the SET GATEWAY command.

line (default)

Line ID of the direct route interface. If you specify a value for line, you cannot specify a gateway-ia.

gateway-ia

Internet address or host name of the gateway for the host or network (see the /GATEWAY qualifier below).

Qualifiers

/GATEWAY

Datagrams are sent to the gateway. Do not use if specifying a line ID. If omitted, TCPware sends the datagrams to the destination IP address over the interface specified by line.

{/HOST | /NETWORK}

Use either one of these qualifiers to specify the type of route.

/HOST creates a host route for the host destination-ia identifies. /NETWORK creates a network route that leads to the network destination-ia identifies.

If you omit both, TCPware determines the type of route by looking at the host number part of destination-ia. If the host number is zero (0), TCPware assumes the route is a network route.

/LOCK

Disables ICMP redirect messages from changing the specified route.

/MASK=mask

Internet address mask for the Classless Inter-domain Routing (CIDR) protocol. The mask specifies the bits to use for the network portion of an address. Thus the traditional network masks would be specified as:

Class A Network    255.0.0.0
Class B Network    255.255.0.0
Class C Network    255.255.255.0

If the mask is omitted, TCPware derives it from the destination address. It first checks the interfaces for the same network number and, if one is found, uses the mask for that interface. Otherwise, it examines the address to determine whether it is Class A, B, C, D, or E and creates a mask based on the class.

Network routes are sorted such that the routes with the most restrictive mask are searched before routes with a less restrictive mask. For example, a route with mask 255.255.255.0 is searched before a route with mask 255.255.0.0.

Do not create noncontiguous subnet masks. For example, a mask of 255.0.255.0 is not allowed.

Examples

1 Places a new route in the local host’s routing table. This route indicates that any traffic for network 172.16.10.0 (/NETWORK) must use gateway 172.16.1.5 (/GATEWAY). /LOCK indicates that an ICMP redirect message cannot modify this route.

ADD ROUTE 172.16.10.0 172.16.1.5/NETWORK/GATEWAY/LOCK

2 Adds a host route to the routing table (/HOST) and directs all datagrams for host 172.16.4.3 to gateway 172.16.1.16 (/GATEWAY).

ADD ROUTE 172.16.4.3 172.16.1.16/HOST/GATEWAY

3 Adds a route for the directly connected 172.16 network through the QNA-0 line.

ADD ROUTE 172.16.0.0 QNA-0

4 Adds a default route to gateway 172.16.0.5 (equivalent to SET GATEWAY 0.0.0.0)

ADD ROUTE 0.0.0.0 172.16.0.5/GATEWAY
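The /MASK rules above (no noncontiguous masks, most restrictive mask searched first) in a short added example, which is not TCPware code. The destinations and next hops are the ones from the examples above; the masks attached to them are constructed for illustration, since those examples omit /MASK.

```python
from ipaddress import IPv4Address


def to_int(address):
    return int(IPv4Address(address))


def is_contiguous(mask):
    """True when the set bits form one unbroken run starting at the top bit."""
    inverted = ~mask & 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0


def build_table(routes):
    """routes: iterable of (destination, mask, next_hop); returns the search order."""
    table = []
    for dest, mask, hop in routes:
        m = to_int(mask)
        if not is_contiguous(m):
            raise ValueError(f"noncontiguous mask {mask} for {dest}")
        table.append((to_int(dest) & m, m, hop))
    # Routes with the most restrictive mask (most bits set) are searched first.
    table.sort(key=lambda route: bin(route[1]).count("1"), reverse=True)
    return table


def lookup(table, address):
    """Return the next hop of the first route that matches, or None."""
    a = to_int(address)
    for net, mask, hop in table:
        if (a & mask) == net:
            return hop
    return None


# Masks below are constructed for this example.
TABLE = build_table([
    ("0.0.0.0", "0.0.0.0", "172.16.0.5"),            # default route
    ("172.16.0.0", "255.255.0.0", "QNA-0"),          # directly connected network
    ("172.16.10.0", "255.255.255.0", "172.16.1.5"),  # network route via gateway
    ("172.16.4.3", "255.255.255.255", "172.16.1.16"),  # host route via gateway
])

if __name__ == "__main__":
    for target in ("172.16.4.3", "172.16.10.9", "172.16.99.1", "10.1.1.1"):
        print(target, "->", lookup(TABLE, target))
```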

ADD SECONDARY

Adds an additional internet address recognized as a local address. Requires OPER privilege.

Note! It may be necessary to add a route to have the address be reachable from the system that the address is added to.

Format

ADD SECONDARY ia

Parameter

ia

Internet address you want recognized as a local address.

Qualifier

/CLUSTER_LOCK

Instructs the VMScluster node to take the OpenVMS cluster-wide resource lock before adding the secondary address. If another node in the VMScluster holds the lock, the node queues for the lock and adds the address when it acquires the lock.

Examples

1 192.168.95.101 becomes an additional local address for the interface address(es).

ADD SECONDARY 192.168.95.101

2 The VMScluster node queues for a resource lock on the specified address. When the node takes the lock, it adds the address as an additional local address. This node acquires the lock when no other node holds the lock or the node that holds the lock releases it (such as when you shut down TCPware or the node).

ADD SECONDARY 192.168.95.101 /CLUSTER_LOCK

ADD SERVICE

Instructs NETCP to start listening for connections on the specified port for the TCP or UDP protocol. Requires OPER privilege.

The TCPWARE:NETCP.LOG file logs each connection serviced. You can review this file for details on server errors and to monitor access and security violations.

Format

ADD SERVICE port protocol [image]

Parameters

port

Name or port number the service uses. Any service name or port number (except 0) defined in the TCPWARE:SERVICES. file.

protocol

Protocol that services the connection. Table 2-2 lists the valid values.

Table 2-2 Protocol Values

Enter this value...    For...
-------------------    ------
BG_TCP                 UCX-based servers on TCP
BG_UDP                 UCX-based servers on UDP
TCP                    TCPDRIVER-based servers
UDP                    UDPDRIVER-based servers
STREAM, DGRAM          INETDRIVER-based servers

If you use the BG_TCP or BG_UDP protocol values:

You MUST specify /USERNAME=username and /INPUT=file. The file in this case is the name of the service’s startup command file. DO NOT use the image parameter. BG_TCP and BG_UDP run images from the startup command file only.

Use only the default create_server_process internal action routine (see the /ROUTINE qualifier).

DO NOT use the /OUTPUT or /ERROR qualifier.

image

File specification of the server you want executed. DO NOT use with BG_TCP or BG_UDP; use the /INPUT qualifier instead.

Qualifiers

/ACCESS_LIST=list

Incoming access restrictions list that controls which hosts have access to the server. Access restrictions affect TCP connections only.

If you define a list using this qualifier and do not add entries to the list, no hosts have access to this server. If the list contains entries, only the specified hosts have access. If you do not define an incoming access restrictions list, all hosts have access. The list value must be a number between 1 and 65535. 0 (no list) is the default.

Use the ADD ACCESS_LIST command to define list entries, the REMOVE ACCESS_LIST command to remove list entries, and the SHOW ACCESS_LISTS command to display entries.

/ADDRESS=ip-address

Adds the service for the specified address or hostname only. The default is 0.0.0.0.

/BACKLOG=number-backlogged-connections

Number of backlogged connections allowed for listening TCP services. If omitted, the value /BACKLOG=0 is used to indicate the default connection backlog (usually 128).

/INACTIVITY_TIMER=(TIME:minutes, CHECK_INTERVAL:minutes)

Sets an inactivity timer to kill idle NOLISTEN server processes (see the /NOLISTEN qualifier) for the TCP protocols (not used for UDP). A process is idle if there is no CPU activity for the amount of minutes specified:

TIME:minutes              Idle NOLISTEN processes are terminated after this amount of time (the default is infinite)
CHECK_INTERVAL:minutes    Checks for idle NOLISTEN processes each of these time intervals (the default is one minute)

/LIMIT=number-servers

Maximum number of active servers that can reside on this host for the specified port(s). TCPware always uses /LIMIT=1 for UDP ports, regardless of what you enter. For example, to add a service on port 21 supporting one active server, use /LIMIT=1. NETCP waits for the current service to process before it listens for a new connection on the same port.

/LOG (default)
/NOLOG

/LOG starts logging of non-error events to the NETCP.LOG file. /NOLOG stops logging.

/NOLISTEN

Instructs NETCP to create the server process only when it detects a connection and not to hand off a socket or I/O channel. The default is to create the server process while listening for a connection. Use for the TCP protocols only (not for UDP).

/OPTION=option

Passes the process’s STREAM device (INETn:) created using one of the following options:

Option               Description
------               -----------
NONE (default)       No special options
HANDOFF              Specifies to use a special handoff mechanism for passing the INETn: device to the created server process.
[NO]KEEPALIVE        Specifies whether to use keepalives for a STREAM (INET) or BG_TCP service. By default, these services are NOKEEPALIVE.
[NO]MULTITHREADED    Specifies whether the BG_TCP server is a multithreaded one; if so, the master server, once started, does not listen for additional connections. By default, all servers are NOMULTITHREADED.
SHARE                Specifies that TCPware set the INET device for shared access, allowing another process to assign the channel. This option is primarily for WIN/TCP servers.

TCPware ignores this qualifier if specified for non-STREAM services or services that do not use the create_server_process routine (see the /ROUTINE qualifier).

/ROUTINE=routine-name

NETCP internal action routine called when TCPware establishes a connection for the service. Table 2-3 lists the available routines.

Table 2-3 Internal Action Routines

Routine                     Purpose                                                           Protocol
-------                     -------                                                           --------
create_rservice             Creates a Berkeley R service using NORMAL authorization checks    STREAM
create_rservice_kerberos    Creates a Berkeley R service using Kerberos authentication        STREAM
create_rservice_secure      Creates a Berkeley R service using SECURE authorization checks    STREAM
create_server_process       Creates a detached process                                        Any
create_telnet_session       Creates an interactive TELNET session                             TCP or STREAM
ident_protocol              Starts the IDENT Server                                           TCP, UDP
port_mapper_server          Starts the Port Mapper                                            TCP, UDP
report_tclb_metric          Creates a load balancing reply service                            UDP
time_protocol               Starts the Time service                                           Any

The default routine is create_server_process. This routine is appropriate for all user-written servers (and must be used for BG_TCP and BG_UDP protocol values).

/USERNAME=username

Use primarily with UCX devices (BG_TCP or BG_UDP protocol). If used with other devices, creates a detached process under the specified username.

Other Qualifiers

The following qualifiers are a subset of those the DCL RUN/DETACHED command uses. In most cases, OpenVMS provides default values for any qualifiers that you do not specify.

Always use /UIC and /PRIVILEGES to ensure that the new process has OPER privilege. All server processes should have at least TMPMBX and NETMBX privileges.

See the DCL documentation for complete details on each of the following qualifiers.

/ACCOUNTING (default)
/NOACCOUNTING

/AST_LIMIT=quota

/AUTHORIZE
/NOAUTHORIZE (default)

/BUFFER_LIMIT=quota

/DUMP
/NODUMP (default)

/ENQUEUE_LIMIT=quota

/ERROR=filespec (DO NOT use with BG_TCP or BG_UDP protocol)

/EXTENT=quota

/FILE_LIMIT=quota

/INPUT=filespec (Use with BG_TCP and BG_UDP protocols as the name of the service’s startup command file)

/IO_BUFFERED=quota

/IO_DIRECT=quota

/JOB_TABLE_QUOTA=quota

/MAXIMUM_WORKING_SET=quota

/OUTPUT=filespec (DO NOT use with BG_TCP or BG_UDP protocol)

/PAGE_FILE=quota

/PRIORITY=n

/PRIVILEGES=(privilege[,...])

/PROCESS_NAME=process-name

/QUEUE_LIMIT=quota

/RESOURCE_WAIT (default)
/NORESOURCE_WAIT

/SERVICE_FAILURE
/NOSERVICE_FAILURE (default)

/SUBPROCESS_LIMIT=quota

/SWAPPING (default)
/NOSWAPPING

/UIC=uic

/WORKING_SET=quota

If you omit /INPUT, /OUTPUT, or /ERROR, NETCP supplies the TCP, UDP, or INET device name for the connection when it creates the process. If you use /PROCESS_NAME=process-name, NETCP uses up to 10 characters of the process-name. In addition, NETCP appends an underscore ( _ ) and an ASCII decimal server number to the process-name to ensure that the process-name is unique.

Examples

1 Starts the DAYTIMED server for host BART only. Since the qualifiers do not specify any values, NETCU uses the OpenVMS default values.

ADD SERVICE DAYTIME TCP TCPWARE:DAYTIMED /ADDRESS=BART-
/PROCESS_NAME=DAYTIMED-
/NOACCOUNTING-
/NOAUTHORIZE-
/INPUT=NLA0:-
/OUTPUT=NLA0:-
/ERROR=NLA0:-
/UIC=[SYSTEM]-
/PRIVILEGES=(NOSAME,NETMBX,TMPMBX)

2 Starts the MYSERV service (defined in the TCPWARE:SERVICES. file) running over the BG_TCP (UCX) protocol, using the MYSERV_STARTUP.COM file, and creating a detached process under username SMITH.

ADD SERVICE MYSERV BG_TCP /INPUT=TK100:[MYSERV]MYSERV_STARTUP.COM /USER=SMITH
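
The /ACCESS_LIST qualifier of ADD SERVICE has three distinct outcomes (no list, a list with no entries, a list with entries), and the middle one silently locks every host out. The Python model below is an added example for reviewing a set of service definitions against those rules; it is not TCPware code. It assumes the classful mask stands in for the configured network or subnet mask and that no DENY and PERMIT entries share the same address, and the names AccessLists, audit and build_sample are hypothetical.

```python
"""Model of the /ACCESS_LIST rules documented for ADD SERVICE (added example)."""
import ipaddress

FULL_MASK = 0xFFFFFFFF


def to_int(dotted):
    """Convert a dotted-quad IPv4 address to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def natural_mask(addr):
    """ASSUMPTION: the classful mask stands in for the configured network/subnet mask."""
    first_octet = addr >> 24
    if first_octet < 128:
        return 0xFF000000
    if first_octet < 192:
        return 0xFFFF0000
    return 0xFFFFFF00


def default_mask(addr):
    """Mask applied when an entry omits one: the network mask if the host part
    is 0, otherwise 255.255.255.255 (match the entire address)."""
    net = natural_mask(addr)
    host_part = addr & ~net & FULL_MASK
    return net if host_part == 0 else FULL_MASK


class AccessLists:
    """Hypothetical in-memory stand-in for the incoming access restrictions lists."""

    def __init__(self):
        self.entries = {}  # list number -> [(condition, network, mask)]

    def add(self, number, condition, ia, mask=None):
        """Mirrors the documented format: ADD ACCESS_LIST list condition ia [mask]."""
        if not 1 <= number <= 65535:
            raise ValueError("list number must be 1 to 65535")
        condition = condition.upper()
        if condition not in ("PERMIT", "DENY"):
            raise ValueError("condition must be PERMIT or DENY")
        addr = to_int(ia)
        m = to_int(mask) if mask is not None else default_mask(addr)
        self.entries.setdefault(number, []).append((condition, addr & m, m))

    def allows(self, number, host):
        """Decide whether `host` may connect to a service bound to list `number`."""
        if number == 0:
            return True  # /ACCESS_LIST=0 (the default): all hosts have access
        h = to_int(host)
        # ASSUMPTION: no DENY and PERMIT entries share an address, so the
        # documented exception (a more restrictive PERMIT placed first) never applies.
        for wanted in ("DENY", "PERMIT"):  # DENY entries are honored first
            for condition, network, m in self.entries.get(number, []):
                if condition == wanted and (h & m) == network:
                    return wanted == "PERMIT"
        # No match, or a list with no entries at all: access is denied.
        return False


def audit(services, acl, probes):
    """Return {service: (exposure, [probe hosts that would be admitted])}."""
    report = {}
    for name, number in services.items():
        if number == 0:
            exposure = "OPEN"          # no list defined for the service
        elif not acl.entries.get(number):
            exposure = "LOCKED_OUT"    # list referenced but it has no entries
        else:
            exposure = "RESTRICTED"
        report[name] = (exposure, [p for p in probes if acl.allows(number, p)])
    return report


def build_sample():
    """Constructed sample data, not taken from a real SERVERS.COM."""
    acl = AccessLists()
    acl.add(10, "PERMIT", "192.168.95.0")   # host part 0 -> mask 255.255.255.0
    acl.add(10, "DENY", "192.168.95.7")     # host part non-zero -> 255.255.255.255
    services = {"DAYTIME": 0, "MYSERV": 10, "TELNET": 20}  # list 20 has no entries
    probes = ["192.168.95.20", "192.168.95.7", "10.1.2.3"]
    return acl, services, probes


if __name__ == "__main__":
    acl, services, probes = build_sample()
    for name, (exposure, admitted) in audit(services, acl, probes).items():
        print(f"{name:8} {exposure:11} admits {admitted}")
```
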

CHECK GATED CONFIGURATION

Checks the syntax of a GateD configuration file. If no input file is specified, TCPware checks the default configuration file, TCPWARE:GATED.CONF. This command does not affect a running GateD process.

Format

CHECK GATED CONFIGURATION [file]

Parameter

file

Name of the configuration file to check. If omitted, defaults to TCPWARE:GATED.CONF.

Example

Checks the syntax of a GateD configuration file called TEST.CONF located in the user’s current working directory.

CHECK GATED CONFIGURATION TEST.CONF

CREATE ACE_USER_DATABASE

Token Authentication only.

Creates a new ACE/Client user database and preserves the existing one under a new name. The new database is created in the TCPWARE:ACECLIENT_USER.DAT file and is empty. If a previous database file exists, it is renamed to TCPWARE:ACECLIENT_USER_OLD.DAT. Requires SYSPRV or BYPASS privilege.

To...                        Use this command...
-----                        -------------------
add users to the database    ADD ACE_USER
show the usernames added     SHOW ACE_USER
remove a username            REMOVE ACE_USER

Format

CREATE ACE_USER_DATABASE

Example

Creates a new ACE/Client user database and renames the current one to _OLD.DAT.

NETCU> CREATE ACE_USER_DATABASE
NETCU> SPAWN DIR ACECLIENT_USER*

Directory SYS$COMMON:[TCPWARE]

ACECLIENT_USER.DAT;1 ACECLIENT_USER_OLD.DAT;1

CREATE EXPORT

NFS Server only.

Creates an empty EXPORT database. Requires write access to the TCPWARE:NFS_EXPORT.DAT file.

Note! NFS Server installations create an empty EXPORT database. Use this command to supersede an existing EXPORT database only.

Format

CREATE EXPORT

Example

Shows the current EXPORT database, overwrites it, and shows that the database is now empty.

SHOW EXPORT
NFS EXPORT Database V5.8 Copyright (c) 2007 Process Software

Path Directory Host(s)
---- --------- -------
/usr $DISK1:[SALES.RECORDS] SIGMA

CREATE EXPORT
SHOW EXPORT
%TCPWARE-NETCU-I-NOENTRIES, no EXPORT entries found

CREATE GROUP

NFS Client only.

Creates an empty GROUP database. Requires write access to the TCPWARE:NFS_GROUP.DAT file.

Note! Client installation creates an empty GROUP database. Only use this command to supersede an existing GROUP database.

Format

CREATE GROUP

Example

Shows the current GROUP database, overwrites it, and shows that the database is now empty.

SHOW GROUP
NFS GROUP Database V5.8 Copyright (c) 2007 Process Software

Group Name Value Host(s)
----- ---- ----- -------
15 GROUP %X8001000B
15 GROUP_16 %X8001000E

CREATE GROUP
SHOW GROUP
%TCPWARE-NETCU-I-NOENTRIES, no GROUP entries found

CREATE KDB

Used by the Kerberos master administrator. Creates and initializes the Kerberos database (KDB). You must use CREATE KDB before starting the Kerberos Server or Administration Server. This command can only be executed if the local host is configured as a Kerberos Server. Requires OPER or SYSPRV privilege and entry of the Kerberos master password. See the SHOW KDB command for the output from CREATE KDB.

Format

CREATE KDB

Enter Kerberos master password: master-password
Verifying, please re-enter: master-password

Parameter

master-password

New Kerberos password to be used for access to the Kerberos database. Converted to lowercase unless you enclose it in double quotes.

Note! Keep the master password as secure as the password to the SYSTEM account. The Kerberos Server requires the KDB and a stashed Kerberos master password. See the STASH MASTER_PASSWORD command for details.

Qualifiers

/KDBFILE=file

Name of the KDB file. The default is TCPWARE:PRINCIPAL.OK.

/REALM=realm

Kerberos realm to use instead of the one defined by the default logical TCPWARE_KERBV4_REALM. Converted to lowercase unless you enclose it in double quotes.

Example

Creates and initializes the Kerberos database while entering the Kerberos master password in the new KDB.

CREATE KDB
Enter Kerberos master password:
Verifying, please re-enter:

CREATE PROXY

NFS Client and Server.

Creates an empty PROXY database. Requires write access to the TCPWARE:NFS_PROXY.DAT file.

Note! Client and Server installation creates an empty PROXY database. Only use this command to supersede an existing PROXY database.

Format

CREATE PROXY

Example

Shows the current PROXY database, overwrites it, and shows that the database is now empty.

SHOW PROXY
NFS PROXY Database V5.8 Copyright (c) 2007 Process Software

Username UID GID Host(s)
-------- --- --- -------
BART 1116 15
MARGE 1115 15
LISA 1117 16
HOMER -2 -2

CREATE PROXY
SHOW PROXY
%TCPWARE-NETCU-I-NOENTRIES, no PROXY entries found

CREATE SRVTAB

Used by the Kerberos master administrator. Creates an encrypted service table file for a host to allow its Kerberos application services to authenticate principals.

If the application service is not on the local host, you should specify an instance, and the file will be named instance-NEW-SRVTAB. in the local directory. The file should then be copied (preferably hand-carried) to the remote host and renamed there to TCPWARE:SRVTAB. if an OpenVMS machine, /etc/srvtab if a UNIX machine, or some other file if another type of machine (check their documentation for details).

Make sure the necessary services were previously added for the instance in the Kerberos database (see ADD KDB). Otherwise the service table file will be empty. Requires OPER or SYSPRV privilege and entry of the Kerberos master password.

Format

CREATE SRVTAB [instance]

Enter Kerberos master password: master-password
Verifying, please re-enter: master-password

Parameters

instance

Name of the host on which the Kerberos application services reside. The necessary services must have been added for that host in the Kerberos database or the service table file will be empty. Converted to lowercase unless you enclose it in quotes. If omitted, creates a service table for the local host and automatically creates the file TCPWARE:SRVTAB..

master-password

Kerberos password used for access to the Kerberos database. Converted to lowercase unless you enclose it in quotes.

Qualifiers

/KDBFILE=file

Name of an alternate KDB file. The default is TCPWARE:PRINCIPAL.OK.

/PROMPT (default)
/NOPROMPT

Specifies whether TCPware prompts you for the master password. /NOPROMPT reads the master password from the file created by the STASH MASTER_PASSWORD command.

/REALM=realm

Kerberos realm to use instead of the one defined by the TCPWARE_KERBV4_REALM logical. Converted to lowercase unless you enclose it in quotes.

Examples

1 Creates the service table for the current host in the TCPWARE:SRVTAB. file.

CREATE SRVTAB
Enter Kerberos master password:
Verifying, please re-enter:

2 Creates the service table for remote host BART. Since /NOPROMPT was used, the master password is read from the file created by the STASH MASTER_PASSWORD command. (A service ticket entry for BART was previously created using ADD KDB rcmd "RANDOM" BART.) The name of the service table file will be BART-NEW-SRVTAB. and will be hand-carried to BART and renamed there to TCPWARE:SRVTAB., since BART is an OpenVMS system.

CREATE SRVTAB BART /NOPROMPT

DEBUG/IP

Displays information about IP datagrams sent and received over the network. Use this information to debug IP network problems. Requires LOG_IO privilege, along with either SYSPRV or BYPASS privilege.

The DEBUG/IP command displays the system time for the packet as mm:ss.cc (minutes, seconds, and hundredths of a second).

Press Ctrl/C to end the display and return to the NETCU prompt.

Note! To use the command output, you must understand the IP protocol and its header fields (see RFC 791). Contact Process Software if you need help.

Format

DEBUG/IP

Qualifiers

/DATA=byte-count

Maximum number of data bytes to display (the default is 16 bytes).

/DECODE

Shows all IP packets in TCPDUMP output format. You can combine /DECODE with any other qualifier except /OCTAL and /DECIMAL, since TCPDUMP output is in hex format.

/HEADER

Displays the IP header in bytes. By default, TCPware does not display the header since the important information contained in it appears in a decoded format.

{/OCTAL | /DECIMAL | /HEXADECIMAL}

Displays the data bytes in octal, decimal, or hexadecimal format. Hexadecimal is the default, which also displays printable ASCII characters for the bytes.

You can only specify one of these qualifiers.

/LINE=line-id

Displays IP datagrams for the indicated line only.

{/SIA | /LIA}=(ia[,mask])

For transmitted packets, displays only packets the specified local internet address(es) sends. For received packets, displays only packets the specified local internet address(es) receives. For example, you can use this on a system with multiple interfaces to capture traffic to and from any particular interface.

This flag is optional if only one interface exists on the local system. If you omit the mask value, the parentheses are optional.

{/DIA | /RIA | /FIA}=(ia[,mask])

For transmitted packets, displays only packets the specified internet address(es) receives. For received packets, displays only packets the specified internet address(es) sends.

If you omit the mask value, the parentheses are optional.

Note! For the /SIA (/LIA) and /DIA (/RIA, /FIA) qualifiers, if you do not specify the mask value, TCPware determines the mask based on whether the host number portion of the address is 0 or non-zero. If non-zero, the mask is 255.255.255.255. If zero, the mask is the address mask for the network.

/PROTOCOL=n

Displays only packets for the specified IP protocol.

/OUTPUT=filespec

Uses the specified file instead of the terminal for output.

Example

Returns information such as the following about IP datagrams for all network connections:

DEBUG/IP/HEADER

DEBUG/TCP

Displays information about TCP segments sent and received over the network. Use this information to debug TCP network problems. Requires LOG_IO privilege, along with either SYSPRV or BYPASS privilege.

The DEBUG/TCP command displays the system time for the packet as mm:ss.cc (minutes, seconds, and hundredths of a second).

Press Ctrl/C to end the display and return to the NETCU prompt.

Note! To use the command output, you must understand the TCP protocol and its header fields (see RFC 793). Contact Process Software if you need help.

Format

DEBUG/TCP

Qualifiers

/DATA=byte-count

Maximum number of data bytes to display (the default is 16 bytes).

/DECODE

Shows all IP packets in TCPDUMP output format. You can combine /DECODE with any other qualifier except /OCTAL and /DECIMAL, since TCPDUMP output is in hex format.

/HEADER

Displays the TCP header in bytes. By default, TCPware does not display the header since the important information contained in it appears in a decoded format.

{/OCTAL | /DECIMAL | /HEXADECIMAL}

Displays the data bytes in octal, decimal, or hexadecimal format. Hexadecimal is the default, which also displays printable ASCII characters for the bytes. You can only specify one of these qualifiers.

{/SIA | /LIA}=(ia[,mask])

For transmitted packets, displays only packets the specified local internet address(es) sends. For received packets, displays only packets the specified local internet address(es) receives. For example, you can use this on a system with multiple interfaces to capture traffic to and from any particular interface.

This flag is optional if only one interface exists on the local system. If you omit the mask value, the parentheses are optional.

{/DIA | /RIA | /FIA}=(ia[,mask])

For transmitted packets, displays only packets the specified internet address(es) receives. For received packets, displays only packets the specified internet address(es) sends. If you omit the mask value, the parentheses are optional.

Note! For the /SIA and /DIA qualifiers, if you do not specify the mask value, TCPware determines the mask based on whether the host number portion of the address is 0 or non-zero. If non-zero, the mask is 255.255.255.255. If zero, the mask is the address mask for the network.

{/SPN | /LPN}=port

For transmitted packets, displays only packets the specified port number sends. For received packets, displays only packets the specified port number receives.

{/DPN | /RPN | /FPN}=port

For transmitted packets, displays only packets the specified port number receives. For received packets, displays only packets the specified port number sends.

/OUTPUT=filespec

Uses the specified file instead of the terminal for output.

Example

Returns information such as the following about TCP segments for all network connections:

DEBUG/TCP

The system can display the following control bits after CTL=:

URG

Urgent pointer

ACK

Acknowledgment; if set, the ACK field contains the value of the next sequence number the sender expects to receive

PSH

Push function

RST

Reset the connection

SYN

Synchronize sequence numbers

FIN

Finished connection: no more data from the sender

DEBUG/UDP

Displays information about UDP datagrams sent and received over the network. Use this information to debug UDP network problems. Requires LOG_IO privilege, along with either SYSPRV or BYPASS privilege.

The DEBUG/UDP command displays the system time for the packet as mm:ss.cc (minutes, seconds, and hundredths of a second). Press Ctrl/C to end the display and return to the NETCU prompt.

Note! To use the command output, you must understand the UDP protocol and its header fields (see RFC 768). Contact Process Software if you need help.

Format

DEBUG/UDP

Qualifiers

/DATA=byte-count

Maximum number of data bytes to display (the default is 16 bytes).

/DECODE

Shows all IP packets in TCPDUMP output format. You can combine /DECODE with any other qualifier except /OCTAL and /DECIMAL, since TCPDUMP output is in hex format.

/HEADER

Displays the UDP header in bytes. By default, TCPware does not display the header since the important information contained in it appears in a decoded format.

{/OCTAL | /DECIMAL | /HEXADECIMAL}

Displays the data bytes in octal, decimal, or hexadecimal format. Hexadecimal is the default, which also displays printable ASCII characters for the bytes. You can only specify one of these qualifiers.

{/SIA | /LIA}=(ia[,mask])

For transmitted packets, displays only packets the specified local internet address(es) sends. For received packets, displays only packets the specified local internet address(es) receives. For example, you can use this on a system with multiple interfaces to capture traffic to and from any particular interface.

This flag is optional if only one interface exists on the local system. If you omit the mask value, the parentheses are optional.

{/DIA | /RIA | /FIA}=(ia[,mask])

For transmitted packets, displays only packets the specified internet address(es) receives. For received packets, displays only packets the specified internet address(es) sends. If you omit the mask value, the parentheses are optional.

Note! For the /SIA and /DIA qualifiers, if you do not specify the mask value, TCPware determines the mask based on whether the host number portion of the address is 0 or non-zero. If non-zero, the mask is 255.255.255.255. If zero, the mask is the address mask for the network.

{/SPN | /LPN}=port

For transmitted packets, displays only packets the specified port number sends. For received packets, displays only packets the specified port number receives.

{/DPN | /RPN | /FPN}=port

For transmitted packets, displays only packets the specified port number receives. For received packets, displays only packets the specified port number sends.

/OUTPUT=filespec

Uses the specified file instead of the terminal for output.

Example

Displays information about UDP datagrams for all network connections, includes the IP header information in bytes, and specifies the maximum number of data bytes to display (1,000), as in the following example:

DEBUG/UDP/HEADER/DATA=1000

DEFINE/KEY

Associates an equivalence string and a set of attributes with a key on the terminal keyboard. You must use the /KEY qualifier in this command.

Format

DEFINE/KEY key-name equivalence-string

Parameters

key-name

Name of the key you want to define.

Table 2-4 lists the key-names in the first column. The remaining three columns indicate the key designations on the keyboards for the three different types of terminals that allow key definitions. All definable keys on VT52 terminals are on the numeric keypad. On VT100-type terminals, you can define the left and right arrow keys as well as all the keys on the numeric keypad.

You can define three types of keys on terminals with LK201 keyboards: keys on the numeric keypad, on the editing keypad (except the up and down arrow keys), and on the function key row across the top of the terminal. You cannot define function keys F1 through F5.

The left and right arrow keys and the F6 through F14 VT200 keys are reserved for command line editing. You must issue the DCL command SET TERMINAL/NOLINE_EDITING before defining these keys. You can also press ^V to enable keys F7 through F14 (^V does not enable the F6 key).

Table 2-4 Key-Names

Key-name            LK201           VT100-type    VT52
--------            -----           ----------    ----
PF1                 PF1             PF1           [blue]
PF2                 PF2             PF2           [red]
PF3                 PF3             PF3           [gray]
PF4                 PF4             PF4           n/a
KP0,...,KP9         0,...9          0,...9        0,...9
PERIOD              .               .             .
COMMA               ,               ,             n/a
MINUS               -               -             n/a
ENTER               Enter           ENTER         ENTER
LEFT, RIGHT         _               _             _
Find (E1)           Find            n/a           n/a
Insert Here (E2)    Insert_Here     n/a           n/a
Remove (E3)         Remove          n/a           n/a
Select (E4)         Select          n/a           n/a
Prev Screen (E5)    Prev_Screen     n/a           n/a
Next Screen (E6)    Next_Screen     n/a           n/a
HELP                Help            n/a           n/a
DO                  Do              n/a           n/a
F6, ..., F20        F6, ..., F20    n/a           n/a

equivalence-string

String that you want to appear when you press the key. If the string contains spaces, enclose the equivalence string in quotation marks (" ").

Qualifiers

/ECHO (default)
/NOECHO

/ECHO echoes the equivalence string on your screen after you press the key. /NOECHO does not echo the equivalence string on your screen. Do not use /NOECHO with the /NOTERMINATE qualifier.

/IF_STATE=(state-name,...)
/NOIF_STATE (default)

/IF_STATE defines which if-state you establish with the /SET_STATE qualifier is in effect. If you omit /IF_STATE or use /NOIF_STATE, TCPware uses the current if-state. See the /SET_STATE qualifier for details.

/LOCK_STATE
/NOLOCK_STATE (default)

/LOCK_STATE specifies that the state set by the /SET_STATE qualifier remains in effect until explicitly changed. /NOLOCK_STATE specifies that the state set by /SET_STATE is in effect only for the next definable key that you press or for the next read terminating character that you type. Use /LOCK_STATE only with /SET_STATE.

/SET_STATE=(state-name,...)
/NOSET_STATE (default)

/SET_STATE defines the if-state to use when you press the defined key. The state-name is any alphanumeric string. The parentheses are for establishing multiple states. By including several state-names, you can define a key to have the same function in all the specified states. If you omit /SET_STATE or use /NOSET_STATE, the currently locked state is in effect.

/TERMINATE
/NOTERMINATE (default)

/TERMINATE terminates the current equivalence string when you press the defined key. Terminating the string usually executes the string. /NOTERMINATE lets you create key definitions that insert text into command lines, after prompts, or into other text you type.

Example

Sets the F1 key on the keyboard to the "SMITH SECRET"::[USERS] string, sets the state to 1, and locks the state for that definition.

DEFINE/KEY F1 """SMITH SECRET""::[USERS]" /SET_STATE=1/LOCK_STATE

DEFINE TIMEZONE

Specifies the local time zone name that was either previously compiled into TCPware or is a name from a selected time zone in the time zone database files.

Format

DEFINE TIMEZONE localzone

Parameter

localzone

The name of the local time zone; for example, "MST."

Qualifiers

/LOG
/NOLOG (default)

Displays a list of the time zones that are loaded, and a list of the compiled-in zones that were selected but not loaded because they were compiled-in.

/SELECT
/SELECT=(rule1 [,rule2 [...]])

Specifies a list of countries or time zones to load. Specifying a country loads all time zones in that country.

/FILES
/FILES=(FILE1 [,FILE2 [...]])

Specifies a list of files from which to load the time zone data. The default is TCPWARE:TIMEZONES.DAT. Locally-written rules are normally added to TCPWARE:TIMEZONES.LOCAL.

Example

1 This example defines the time zone to use as the United States local time zone MST.

NETCU DEFINE TIMEZONE mst

2 This example defines the time zone to MST and loads Arizona time zone rules.

NETCU DEFINE TIMEZONE mst/SELECT="us/arizona"

DISABLE FORWARDING

Disables forwarding of IP datagrams not destined for this host. Requires OPER privilege. TCPware disables forwarding by default. You should normally disable forwarding to prevent TCPware from routing datagrams between networks.

Format

DISABLE FORWARDING

Synonym

DISABLE GATEWAY

DISABLE REDIRECTS

Disables returning ICMP redirect messages to sending hosts. This can be set if this host is to act as a router. Requires OPER privilege. Disabling redirects is only valid if forwarding is also enabled through ENABLE FORWARDING. ENABLE REDIRECTS is the default if forwarding is enabled.

Format

DISABLE REDIRECTS

DUMP GATED STATE

Tells GateD to dump its internal state into a text file. If you omit the filename, the default is TCPWARE:GATED.DUMP.

Note! The NETCU processing of this command is completed before GateD finishes processing it.

Format

DUMP GATED STATE [file]

Parameter

file

Name of the file to which to dump. If omitted, defaults to TCPWARE:GATED.DUMP.

Example

Tells the GateD process to dump its internal state information to a file called TEMP.DUMP in the user’s current working directory.

DUMP GATED STATE TEMP.DUMP

DUMP KDB

Used by the Kerberos master administrator. Dumps the contents of the Kerberos database (KDB) into an ASCII text file. This command is useful for transferring the KDB from one machine to another. This command can only be executed if the local host is configured as a Kerberos Server. Requires OPER or SYSPRV privilege and entry of the Kerberos master password.

Format

DUMP KDB output-file

Enter Kerberos master password: master-password
Verifying, please re-enter: master-password

Parameters

output-file

Output file for the dump.

master-password

Kerberos password used for access to the Kerberos database. Converted to lowercase unless you enclose it in double quotes.

Qualifiers

/KDBFILE=file

Name of an alternate Kerberos database file from which the contents are dumped into an ASCII text file. The default is TCPWARE:PRINCIPAL.OK.

/PROMPT (default)
/NOPROMPT

Specifies whether TCPware prompts you for the master password. /NOPROMPT reads the master password from the file created by the STASH MASTER_PASSWORD command.

Example

Dumps the contents of the KDB into the foobar.txt file.

DUMP KDB FOOBAR.TXT
Enter Kerberos master password:
Verifying, please re-enter:

DUMP NAMED

These commands are used for debugging NameD:

Commands                         Description
--------                         -----------
DUMP NAMED CACHE                 Dumps the current contents of the NameD cache to a file, TCPWARE:NAMED_DUMP.DB, in an RFC 883 format
DUMP NAMED STATISTICS (STATS)    Dumps the current NameD statistics to the TCPWARE:NAMED.STATS and the TCPWARE:NAMED.MEMSTATS files

Format

DUMP NAMED CACHE
DUMP NAMED STATISTICS
DUMP NAMED STATS

Examples

DUMP NAMED CACHE
%TCPWARE_NETCU-S-NORMAL, normal successful completion

1 The NameD cache is dumped to the TCPWARE:NAMED_DUMP.DB file, as in the following example:

; Dumped at Thu May 1 09:14:39 2007
;; ++zone table++
;95.168.192.in-addr.arpa (type 2, class 1, source NAMED.temp_sirius_rev)
; time=862478265,lastupdate=862396837, serial=237,
; refresh=86400, retry=600, expire=3600000, minimum=86400
; ftime=862396837, xaddr=[0.0.0.0], state=0041, pid=0
; z_addr[1]: [192.168.1.92]
; nene.com (type 1, class 1, source NAMED.HOSTS)
; time=0, lastupdate=862396105, serial=6002,
; refresh=0, retry=1800, expire=3600000, minimum=86400
; ftime=862396105, xaddr=[0.0.0.0], state=0041, pid=0
; 48.168.198.in-addr.arpa (type 1, class 1, source NAMED.REV)
; time=0, lastupdate=862321422, serial=91,
; refresh=0, retry=600, expire=3600000, minimum=86400
; ftime=862321422, xaddr=[0.0.0.0], state=0041, pid=0
; 0.0.127.in-addr.arpa (type 1, class 1, source NAMED.LOCAL)
; time=0, lastupdate=850919099, serial=6001,
; refresh=0, retry=600, expire=3600000, minimum=86400
; ftime=850919099, xaddr=[0.0.0.0], state=0041, pid=0
;; --zone table--
; Note: Cr=(auth,answer,addtnl,cache) tag only shown for non-auth RR’s
; Note: NT=milliseconds for any A RR which we’ve used as a nameserver
; --- Cache & Data ---
$ORIGIN .. 279304 IN NS D.ROOT-SERVERS.NET.
;Cr=answer [198.168.48.105]
279304 IN NS E.ROOT-SERVERS.NET.
;Cr=answer [198.168.48.105]
.
.
.
The NAMESERVER.LOG file shows the following SIGNAL entries:
%%%%%%%%%%%% NAMED 1-MAY-2007 10:55:57.73 %%%%%%%%%%%%
%TCPWARE_NAMED-I-SIGNAL, Request to dump current cache received.

%%%%%%%%%%%% NAMED 1-MAY-2007 10:55:57.77 %%%%%%%%%%%%
%TCPWARE_NAMED-I-SIGNAL, dumping nameserver cache

%%%%%%%%%%%% NAMED 1-MAY-2007 10:55:58.13 %%%%%%%%%%%%
%TCPWARE_NAMED-I-SIGNAL, nameserver cache dump completed

DUMP NAMED STATS
%TCPWARE_NETCU-S-NORMAL, normal successful completion

2 Dumps the current NameD statistics in the NAMESERVER.LOG file, as in the following example:

%%%%%%%%%%%% NAMED 1-MAY-2007 10:55:57.72 %%%%%%%%%%%%
%TCPWARE_NAMED-I-SIGNAL, Request to dump statistics received.
%%%%%%%%%%%% NAMED 1-MAY-2007 10:55:57.73 %%%%%%%%%%%%
%TCPWARE_NAMED-I-STATUS, dumping nameserver stats

+++ Statistics Dump +++ (862478765) Thu May 1 09:26:05 2007
723 time since boot (secs)
723 time since reset (secs)
0 Unknown query types
++ Name Server Statistics ++
(Legend)
RQ RR RIQ RNXD RFwdQ
RFwdR RDupQ RDupR RFail RFErr
RErr RTCP RAXFR RLame ROpts
SSysQ SAns SFwdQ SFwdR SDupQ
SFail SFErr SErr
(Global) 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0
[192.168.12.34] 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0
-- Name Server Statistics --
--- Statistics Dump --- (862478765) Thu May 1 09:26:05 2007
%%%%%%%%%%%% NAMED 1-MAY-2007 09:26:05.87 %%%%%%%%%%%%
%%TCPWARE_NAMED-I-STATUS, done dumping nameserver stats

ENABLE FORWARDING

Enables the forwarding of IP datagrams not destined for this host. This is necessary if this host is to act as a router. Requires OPER privilege. TCPware disables forwarding by default. When you enable forwarding, the host receiving IP datagrams forwards them to another network if needed.

Format

ENABLE FORWARDING

Synonym

ENABLE GATEWAY

Qualifier

/ARP
/NOARP (default)

Enables, or disables, ARP reply messages for remote internet addresses (also referred to as PROXY ARP). The network sends a reply only if there is a known route to the target internet address of the ARP request.

ENABLE REDIRECTS

Enables ICMP redirects to notify sending hosts to redirect IP datagrams to another host. This can be set if this host is to act as a router. Requires OPER privilege. Enabling redirects is only valid if forwarding is also enabled through ENABLE FORWARDING. ENABLE REDIRECTS is the default if forwarding is enabled. To disable redirects, use the DISABLE REDIRECTS command.

Format

ENABLE REDIRECTS

EXIT

Saves the current configuration, if it has been modified, then quits.

Exits NETCU and returns to the DCL level.

Format

EXIT

FIND ARP

Displays a single entry from an ARP table. ARP tables map internet addresses to physical hardware addresses for FDDI, Ethernet, and HYPERchannel interfaces. You can display the entire ARP table for a network device using the SHOW ARP command. For the format of the ARP table entries, see the SHOW ARP command.

Format

FIND ARP destination-ia

Parameter

destination-ia

Internet address or host name of the ARP table entry.

Qualifier

/LINE=line

Line ID of the ARP table where you want NETCU to locate the entry. You must use this qualifier if the internet address is not a local network address. If omitted, TCPware determines the ARP table based on the internet address.

Example

Finds the hardware (physical) address of the FLOWER.DAISY.COM internet address.

FIND ARP
_Internet address: FLOWER.DAISY.COM

Internet Address Physical Address Flags
---------------- ---------------- -----
192.168.5.1 AA-00-04-00-01-08

FIND PROXY

NFS Client and Server.

Locates and displays a single entry in the PROXY database. Requires read access to the TCPWARE:NFS_PROXY.DAT file.

On the Client, use this command to find the UIC assigned to a specific user.

On the Server, use this command to determine which OpenVMS username the server uses when it receives a request from the specified UID, GID, and host name.

Format

FIND PROXY

Qualifiers

Note! You must specify all three of the following qualifiers.

/HOST=host-name (required)

Host on which the user is valid. This qualifier is required.

/UID=uid (required)

User’s ID (UID). This qualifier is required.

/GID=gid (required)

User’s group ID (GID). This qualifier is required.

Example

Locates an OpenVMS username for an NFS user with UID=210, GID=5, at host ROSE.

FIND PROXY /UID=210 /GID=5 /HOST=ROSE
NFS PROXY Database V5.8 Copyright (c) 2007 Process Software

Username UID GID Host(s)
-------- --- --- -------
SMITH 210 15 ROSE

FIND ROUTE

The FIND ROUTE command displays an existing route from the routing table for a specified host or network.

Format

FIND ROUTE destination-ia

Parameter

destination-ia

The internet address or host name of the host or network of the routing table entry.

Example

Finds the routing table entry for the 192.168.5.21 host internet address.

The UNIL flag entry indicates that the route is "up" (functional), that it is a network (N) route, that the route is a network interface (I), and that someone locked the route (L) using the /LOCK qualifier. The number 2300 indicates that many datagrams have been transmitted using this route.

FIND ROUTE
_Destination internet address: 192.168.5.21

Destination Gateway Flags RefCnt UseCnt Line
----------- ------- _____ ______ ______ _____
192.168.5.0 192.168.5.21 UNIL 0 2300 SVA-0

FLUSH

Flushes the entire ARP table or routing table. Requires OPER privilege.

Format

FLUSH

Qualifiers

/ARP

Flushes the ARP tables and removes all but permanent entries. /NETWORK is an equivalent qualifier. Use the REMOVE command to remove a permanent ARP entry.

/LINE=line

Line ID of the ARP table to flush. If omitted, NETCU flushes all the ARP tables.

/ROUTE

Flushes the routing table by removing all non-interface routes. An interface route is for an actual network interface.

GET TGT

For Kerberos users. Gets the ticket-granting ticket (TGT) that allows you to get application service tickets. This process authenticates you to the Kerberos Server, which is considered to be a trusted, secure machine. TGTs are required to obtain an application service ticket from the Kerberos Server. The name of the ticket file is determined by the TCPWARE_KERBV4_TKFILE logical, usually set to SYS$LOGIN:KERBV4.TICKET. You must enter your Kerberos password with the command. Your OpenVMS login name is used for the Kerberos username unless the /USERNAME qualifier specifies otherwise. GET TGT is equivalent to the UNIX command kinit.

Format

GET TGT
Password: password

Parameter

password

User’s Kerberos password that authenticates the user to the Kerberos Server. Converted to lowercase unless you enclose it in double quotes.

Qualifiers

/INSTANCE=instance

Usually omitted for a general Kerberos user; admin for an administrative user. (See your Kerberos administrator to determine your Kerberos instance name.) Converted to lowercase unless you enclose it in double quotes.

/LIFETIME=minutes

Lifetime of the TGT in minutes ranging from 5 to 1275 minutes. The default lifetime is 480 minutes (8 hours).

/REALM=realm

Optional Kerberos realm to use instead of the one determined by the value of the logical TCPWARE_KERBV4_REALM. Converted to lowercase unless you enclose it in double quotes.

/USERNAME=login-name

Alternate login name. Converted to lowercase unless you enclose it in double quotes.

Example

Gets a ticket-granting ticket for the logged-in user. If you logged in as SYSTEM, SYSTEM is used as the Kerberos username. If you logged in as FRED, FRED is used as the Kerberos username.

GET TGT
Password:

HELP

Brings up the NETCU online help. NETCU uses the OpenVMS interactive help facility. To exit the help facility, press Return until you return to the NETCU> prompt.

Format

HELP [topic]

Parameter

topic

(Optional) Topic for which you want help.

KILL CONNECTIONS

Resets the TCP connection on the specified device or the connections matching the internet address or port specification. Requires PHY_IO and either SYSPRV or BYPASS privileges.

Format

KILL CONNECTIONS [device | qualifier]

Specify either a device or one or both of the qualifiers listed below.

Parameter

device

One of the following devices: TCPn, BGn, INETn.

When specifying a device, KILL CONNECTIONS kills active and listening connections for that device. TCPware resets the TCP connection and completes any pending QIOs with the SS$_THIRDPARTY status. When you omit the device, KILL CONNECTIONS kills only active connections (those not in a CLOSED or LISTEN state) that match the local or remote specification.

Qualifiers

/LOCAL=ia.port

Local address and port for incoming connections, in the format ia.port, where ia is the IP address or host name followed by a period, and port is the port number or service name. Use an asterisk (*) as a wildcard in place of ia or port.

/REMOTE=ia.port

Remote address and port for outgoing connections, in the format ia.port, where ia is the IP address or host name followed by a period, and port is the port number or service name. Use an asterisk (*) as a wildcard in place of ia or port.

Examples

1 Kills all outgoing TELNET (port 23) connections.

KILL CONNECTIONS /REMOTE=*.23

2 Kills all outgoing connections to host NIC.NEAR.NET.

KILL CONNECTIONS /REMOTE=NIC.NEAR.NET.*

3 Kills all incoming connections to any local IP address and port.

KILL CONNECTIONS /LOCAL=*.*

LOAD GATED CONFIGURATION

Tells the GateD process to load a configuration file. If no file is specified, the default file TCPWARE:GATED.CONF is loaded.

CAUTION! If the GateD process detects an error in the configuration file being loaded, it stops running.

Note! The NETCU processing of this command is completed before GateD finishes processing it.

Format

LOAD GATED CONFIGURATION [file]

Parameter

file

Name of the configuration file to load. If omitted, defaults to TCPWARE:GATED.CONF.

Example

This example tells the GateD process to load a new configuration file called TEST_CONFIG.CONF from the system manager’s current working directory.

LOAD GATED CONFIGURATION TEST_CONFIG.CONF

LOAD KDB

Used by the Kerberos master administrator. Loads the Kerberos database from an ASCII text file, such as the one created using DUMP KDB. Useful for transferring the Kerberos database from one machine to another. The Kerberos database is in TCPWARE:PRINCIPAL.OK. This command can only be executed if the local host is configured as a Kerberos Server. Requires OPER or SYSPRV privilege and entry of the Kerberos master password.

Format

LOAD KDB input-file

Enter Kerberos master password: master-password
Verifying, please re-enter: master-password

Parameter

input-file

Name of the ASCII text file from which the Kerberos database contents are loaded.

master-password

Kerberos password used for access to the Kerberos database. Converted to lowercase unless you enclose it in double quotes.

Qualifiers

/KDBFILE=file

Name of an alternate Kerberos database file into which the contents are loaded from an ASCII text file. The default is TCPWARE:PRINCIPAL.OK.

/PROMPT (default)
/NOPROMPT

Specifies whether TCPware prompts you for the master password. /NOPROMPT reads the master password from the file created by the STASH MASTER_PASSWORD command.

Example

Loads the KDB using the foobar.txt file created with DUMP KDB.

LOAD KDB FOOBAR.TXT
Enter Kerberos master password:
Verifying, please re-enter:

MODIFY KDB

Used by the Kerberos master administrator. Modifies an entry in the Kerberos database (KDB). Use qualifiers to make modifications to an entry. The Kerberos database is in TCPWARE:PRINCIPAL.OK. This command can only be executed if the local host is configured as a Kerberos Server. Requires OPER or SYSPRV privilege and entry of the Kerberos master password.

Format

MODIFY KDB principal [instance]

Enter Kerberos master password: master-password
Verifying, please re-enter: master-password

Parameters

principal

Kerberos user’s login name, Kerberos administrator’s login name, or name of the Kerberos application service. Converted to lowercase unless you enclose it in double quotes. You can enter * to modify all principals.

instance

Usually omitted for a general Kerberos user; admin for an administrative user; or name of the machine on which the Kerberos application resides for an application service. Converted to lowercase unless you enclose it in double quotes. You can enter * to modify all instances.

master-password

Kerberos password used for access to the Kerberos database. Converted to lowercase unless you enclose it in double quotes.

Qualifiers

/ATTRIBUTE=attribute

Attribute number, from 0 to 65535.

/EXP_DATE=date

Expiration date of the KDB entry.

/KDBFILE=file

Name of the KDB file. The default is TCPWARE:PRINCIPAL.OK.

/MAX_LIFE=minutes

Maximum lifetime of the KDB entry, in minutes.

/PASSWORD=new-kerberos-password

Kerberos user’s new password or application service’s new password (usually "RANDOM", which generates a random password for the service). Specify "NULL" for a null password. Converted to lowercase unless you enclose it in double quotes.

/PROMPT (default)
/NOPROMPT

Specifies whether TCPware prompts you for the master password. /NOPROMPT reads the master password from the file created by the STASH MASTER_PASSWORD command.

Examples

1 Modifies the password used for charon’s entry in the database.

MODIFY KDB CHARON /PASSWORD=monday
Enter Kerberos master password:
Verifying, please re-enter:

2 Changes all instances of rcmd services to have a randomly-generated password.

MODIFY KDB RCMD * /PASSWORD="RANDOM"
Enter Kerberos master password:
Verifying, please re-enter:

MODIFY KERBEROS USER

Used by the Kerberos administrator to modify a user password in the Kerberos database. The default Kerberos administrator account name is the name of the OpenVMS account using this command. Requires OPER or SYSPRV privilege and entry of the Kerberos administrator’s password.

Format

MODIFY KERBEROS USER username new-password

Administrator password for ‘admin-account’: admin-password

Parameters

username

Kerberos user’s login name. Converted to lowercase unless you enclose it in quotes.

new-password

New password of the Kerberos user account to change. Converted to lowercase unless you enclose it in quotes.

admin-password

Kerberos administrator’s password. Converted to lowercase unless you enclose it in quotes.

Qualifier

/ADMINISTRATOR=admin-username

Alternate Kerberos administrator name. Converted to lowercase unless you enclose it in quotes. The default name is the OpenVMS account name, in lowercase.

Example

Administrator fred changes smith’s Kerberos password.

MODIFY KERBEROS USER SMITH FOOBAR /ADMINISTRATOR=FRED
Administrator password for ‘fred’:

MODIFY SERVICE

Modifies information associated with an existing service. Requires OPER privilege.

Format

MODIFY SERVICE port protocol [image]

Parameters

port

Name or port number for the service to modify. Any service name or port number (except 0) defined in the TCPWARE:SERVICES. file. The service must be active.

protocol

Protocol to service the connection. Table 2-5 lists the valid values.

Table 2-5 Protocol Values

Enter This Value...   For...
-------------------   ------------------------
BG_TCP                UCX-based servers on TCP
BG_UDP                UCX-based servers on UDP
TCP                   TCPDRIVER-based servers
UDP                   UDPDRIVER-based servers
STREAM, DGRAM         INETDRIVER-based servers

image

File specification of the server you want executed. Do not use with BG_TCP or BG_UDP; use the /INPUT qualifier instead.

Qualifiers

See the ADD SERVICE command for valid qualifiers. Remove an access list for a service by specifying /ACCESS_LIST=0 (see Example 2).

Examples

The commands in this example:

Add access list number 1, permitting access for the host given.

Modify the service on port 23 (creating a TELNET session) to correspond to access list number 1. This allows access only to those hosts on that access list (in this case just the host at address 192.168.5.3).

ADD ACCESS_LIST 1 PERMIT 192.168.5.3
MODIFY SERVICE 23 TCP /ACCESS_LIST=1
SHOW SERVICE /FULL 23 TCP
TCPware(R) for OpenVMS NETCP Services:

Protocol Port Active Limit Connects Errors Image
-------- ---- ------ ----- -------- ------ ----
TCP TELNET 0 NONE 0 0
/ROUTINE=CREATE_TELNET_SESSION
/ACCESS_LIST=1

SHOW ACCESS_LISTS 1
TCPware(R) for OpenVMS NETCP Access Lists:
List Condition InternetAddress AddressMask Access Denied Message
---- --------- --------------- -------------- ---------------------
1 PERMIT 192.168.5.3 255.255.255.255

RELOAD GROUP

NFS Client only.

Implements changes made to the GROUP database without having to restart the client system. Requires SYSLCK privilege.

Note! The GROUP database is normally static. The RELOAD GROUP command puts the changes into effect. Use this command sparingly. The Client can take a significant amount of time to reload the database. The reloading process blocks NFS activity.

Format

RELOAD GROUP

RELOAD NAMED

Reloads the Domain Name Services (DNS) name server’s database files, if needed, by reading the NAMED.BOOT file and checking the zone information.

For example, if your name server is primary for five zones and you change the SOA record for one zone, RELOAD NAMED notices the change and reloads that zone. If you add a zone in the NAMED.BOOT file (for example, a secondary), it notices the change and starts a zone transfer to the primary to gain that zone.

Format

RELOAD NAMED

Examples

1 RELOAD NAMED

%TCPWARE_NETCU-S-NORMAL, normal successful completion

If executing this command after editing NAMED.BOOT and adding a secondary zone 95.168.192.in-addr.arpa with the primary nameserver to be 192.168.95.1, the following entry displays in the NAMESERVER.LOG file:

%%%%%%%%%%%% NAMED 30-APR-2007 10:40:36.11 %%%%%%%%%%%%
%TCPWARE_NAMED-I-SIGNAL, Request to reload databases received.

%%%%%%%%%%%% NAMED 30-APR-2007 10:40:36.12 %%%%%%%%%%%%
%TCPWARE_NAMED-I-RELOAD, reloading name server

%%%%%%%%%%%% NAMED 30-APR-2007 10:40:36.16 %%%%%%%%%%%%
%TCPWARE_NAMED-I-MAIN, Ready to answer queries.

%%%%%%%%%%%% NAMED 30-APR-2007 10:40:36.48 %%%%%%%%%%%%
%TCPWARE_NAMED-I-SUBPROC, created process 000001D4 to transfer zone
95.42.192.in-addr.arpa

%%%%%%%%%%%% NAMED 30-APR-2007 10:40:37.51 %%%%%%%%%%%%
%TCPWARE_NAMED-I-XFERSUCCESS, zone 95.42.192.in-addr.arpa
transferred successfully

%%%%%%%%%%%% NAMED 30-APR-2007 10:40:37.65 %%%%%%%%%%%%
%TCPWARE_NAMED-I-ZONEINFO,secondary zone "95.42.192.in-addr.arpa" loaded (serial 237)

2 RELOAD NAMED

%TCPWARE_NETCU-S-NORMAL, normal successful completion

If executing this command after editing NAMED.BOOT and increasing the Serial Number, the following entry displays in the NAMESERVER.LOG file:

%%%%%%%%%%%% NAMED 30-APR-2007 10:28:39.84 %%%%%%%%%%%%
%TCPWARE_NAMED-I-SIGNAL, Request to reload databases received.
%%%%%%%%%%%% NAMED 30-APR-2007 10:28:39.84 %%%%%%%%%%%%
%TCPWARE_NAMED-I-RELOAD, reloading name server

%%%%%%%%%%%% NAMED 30-APR-2007 10:28:40.04 %%%%%%%%%%%%
%TCPWARE_NAMED-I-ZONEINFO, primary zone "yours.com" loaded (serial 6002)

%%%%%%%%%%%% NAMED 30-APR-2007 10:28:40.07 %%%%%%%%%%%%
%TCPWARE_NAMED-I-MAIN, Ready to answer queries.
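
Each NAMESERVER.LOG entry shown above is a timestamp header followed by a %facility-severity-ident message that may wrap onto the next line. The following Python sketch is an added example, not part of TCPware; it parses entries in that layout and lists the zones the server reports loading, so that zone loads outside an expected set stand out after a RELOAD NAMED. The function names and the expected-zone set are hypothetical, and the sample lines are copied from the two examples above.

```python
import re
from datetime import datetime

# Sample input: entries copied from the RELOAD NAMED examples above.
SAMPLE_LOG = """\
%%%%%%%%%%%% NAMED 30-APR-2007 10:40:36.11 %%%%%%%%%%%%
%TCPWARE_NAMED-I-SIGNAL, Request to reload databases received.

%%%%%%%%%%%% NAMED 30-APR-2007 10:40:36.48 %%%%%%%%%%%%
%TCPWARE_NAMED-I-SUBPROC, created process 000001D4 to transfer zone
95.42.192.in-addr.arpa

%%%%%%%%%%%% NAMED 30-APR-2007 10:40:37.51 %%%%%%%%%%%%
%TCPWARE_NAMED-I-XFERSUCCESS, zone 95.42.192.in-addr.arpa
transferred successfully

%%%%%%%%%%%% NAMED 30-APR-2007 10:40:37.65 %%%%%%%%%%%%
%TCPWARE_NAMED-I-ZONEINFO,secondary zone "95.42.192.in-addr.arpa" loaded (serial 237)

%%%%%%%%%%%% NAMED 30-APR-2007 10:28:40.04 %%%%%%%%%%%%
%TCPWARE_NAMED-I-ZONEINFO, primary zone "yours.com" loaded (serial 6002)
"""

MONTHS = {name: n for n, name in enumerate(
    "JAN FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC".split(), start=1)}
HEADER_RE = re.compile(
    r"^%+ (?P<proc>\w+) (?P<day>\d{1,2})-(?P<mon>[A-Z]{3})-(?P<year>\d{4}) "
    r"(?P<h>\d{2}):(?P<m>\d{2}):(?P<s>\d{2})\.(?P<cs>\d{2}) %+$")
MESSAGE_RE = re.compile(
    r"^%+(?P<facility>\w+)-(?P<severity>[A-Z])-(?P<ident>\w+),\s*(?P<text>.*)$")
ZONEINFO_RE = re.compile(
    r'(primary|secondary) zone "([^"]+)" loaded \(serial (\d+)\)')


def parse_entries(text):
    """Return one dict per message: time, facility, severity, ident, text."""
    messages, stamp = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        head = HEADER_RE.match(line)
        if head:
            # The header carries hundredths of a second.
            stamp = datetime(int(head["year"]), MONTHS[head["mon"]],
                             int(head["day"]), int(head["h"]), int(head["m"]),
                             int(head["s"]), int(head["cs"]) * 10000)
            continue
        msg = MESSAGE_RE.match(line)
        if msg and stamp is not None:
            messages.append({"time": stamp, **msg.groupdict()})
        elif messages:
            # Any other line continues the previous message (wrapped text).
            messages[-1]["text"] += " " + line
    return messages


def zone_loads(messages):
    """Extract role, zone name and serial from ZONEINFO messages."""
    loads = []
    for msg in messages:
        found = ZONEINFO_RE.search(msg["text"]) if msg["ident"] == "ZONEINFO" else None
        if found:
            loads.append({"time": msg["time"], "role": found[1],
                          "zone": found[2], "serial": int(found[3])})
    return loads


def unexpected_zone_loads(messages, expected):
    """Zone loads whose (role, zone) pair is not in the expected set."""
    return [z for z in zone_loads(messages)
            if (z["role"], z["zone"]) not in expected]


if __name__ == "__main__":
    expected = {("primary", "yours.com")}   # hypothetical local policy
    for load in unexpected_zone_loads(parse_entries(SAMPLE_LOG), expected):
        print(load["time"].isoformat(), load["role"], load["zone"], load["serial"])
```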

RELOAD PROXY

NFS Client and Server.

Implements changes made to the PROXY database without having to restart the Client or Server. Not necessary if the TCPWARE_NFS_DYNAMIC_PROXY logical was defined as CLIENT or SERVER. Requires SYSLCK privilege.

Note! The PROXY database is normally static. The RELOAD PROXY command puts the changes into effect. Use this command sparingly. The Client can take a significant amount of time to reload the database. The reloading process blocks NFS activity.

Format

RELOAD PROXY [vms-username[, vms-username, ...]]

Parameter

vms-username

Reloads only the PROXY database entries for the specified username (or list of usernames separated by commas). This is useful for notifying the Client or Server of changes to the OpenVMS SYSUAF.DAT file, such as changes to the rights list or user privileges.

Qualifiers

Note! If you omit both qualifiers, the PROXY database reloads on both the Client and Server.

/CLIENT
/NOCLIENT

/CLIENT reloads the PROXY database on the Client only. /NOCLIENT does not reload the database on the Client.

/SERVER
/NOSERVER

/SERVER reloads the PROXY database on the Server only. /NOSERVER does not reload the database on the Server.

REMOVE ACE_USER

Token Authentication only.

Removes a username from the TCPware ACE/Client user database (in the TCPWARE:ACECLIENT_USER.DAT file). Requires SYSPRV or BYPASS privilege.

To...                                Use this command...
----------------------------------   ------------------------
add a new username to the database   ADD ACE_USER
show the usernames added             SHOW ACE_USER
create a new database                CREATE ACE_USER_DATABASE

Format

REMOVE ACE_USER username

Parameter

username

Name of the user to remove from the ACE/Client database.

Example

Shows a sequence of removing a user from the ACE/Client user database and showing the results.

NETCU> REMOVE ACE_USER JOKER
NETCU> SHOW ACE_USER
TCPware ACE/Client Username Database

Username
--------
CLUBS
DIAMONDS
HEARTS
SPADES

REMOVE ACCESS_LIST

Removes an incoming access restrictions list or a specific entry from a list. Requires write access to the appropriate file.

Format

REMOVE ACCESS_LIST list [condition [ia [mask]]]

Parameters

list

Number of the incoming access restrictions list (1 to 65535).

condition

Specifies whether access is permitted or denied. Valid keywords are PERMIT and DENY. DENY is the default for hosts not specified on the list.

ia

Internet address of the network or host specified on the list.

mask

Internet address mask, which specifies which bits to use when matching hosts against the incoming access restrictions list. The bits that are set are the ones used when matching hosts against the ia.

If you omit mask and the host portion of ia is 0, NETCU uses the network or subnet mask. If the host portion of ia is not 0, NETCU uses 255.255.255.255, where only the specified host is allowed access.

Examples

1 Removes list 56.

REMOVE ACCESS_LIST 56

2 Removes all PERMIT entries from list 56.

REMOVE ACCESS_LIST 56 PERMIT

3 Removes the specified entry from list 56.

REMOVE ACCESS_LIST 56 PERMIT 192.168.5.0 255.255.255.0
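
The mask rule described under the mask parameter decides which entry a REMOVE ACCESS_LIST command with no mask selects, and which hosts an entry such as the PERMIT 192.168.5.3 line in the MODIFY SERVICE example covers. The following Python sketch is an added model of that behavior, not TCPware code. It assumes the classful network mask where this page says "network or subnet mask" (pass net_mask to override), checks DENY entries before PERMIT entries as the ADD ACCESS_LIST description states, and does not model the duplicate-entry exception noted there. All names are hypothetical.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF


def _to_int(ia):
    return int(ipaddress.IPv4Address(ia))


def _to_str(value):
    return str(ipaddress.IPv4Address(value))


def classful_mask(addr):
    """Natural mask of a class A, B or C address (assumption: no subnetting)."""
    first_octet = addr >> 24
    if first_octet < 128:
        return 0xFF000000
    if first_octet < 192:
        return 0xFFFF0000
    return 0xFFFFFF00


def default_mask(ia, net_mask=None):
    """Mask used when the mask parameter is omitted."""
    addr = _to_int(ia)
    net = _to_int(net_mask) if net_mask else classful_mask(addr)
    host_part = addr & ~net & ALL_ONES
    # Host portion 0: the entry names a network, so use the network mask.
    # Otherwise the entry names one host and the whole address must match.
    return _to_str(net if host_part == 0 else ALL_ONES)


class AccessList:
    def __init__(self):
        self.entries = []   # (condition, ia, mask), ia and mask as integers

    def add(self, condition, ia, mask=None):
        if condition not in ("PERMIT", "DENY"):
            raise ValueError("condition must be PERMIT or DENY")
        mask = mask or default_mask(ia)
        self.entries.append((condition, _to_int(ia), _to_int(mask)))

    def remove(self, condition=None, ia=None, mask=None):
        """Model of REMOVE ACCESS_LIST list [condition [ia [mask]]].

        Returns the number of entries removed; removing an entry that
        does not exist simply returns 0.
        """
        if ia is not None and mask is None:
            mask = default_mask(ia)

        def selected(entry):
            cond, e_ia, e_mask = entry
            if condition is not None and cond != condition:
                return False
            if ia is not None and (e_ia, e_mask) != (_to_int(ia), _to_int(mask)):
                return False
            return True

        kept = [e for e in self.entries if not selected(e)]
        removed = len(self.entries) - len(kept)
        self.entries = kept
        return removed

    def permits(self, host):
        """DENY entries are honored first; hosts on no entry are denied."""
        h = _to_int(host)

        def hit(cond):
            return any(c == cond and (h & m) == (ia & m)
                       for c, ia, m in self.entries)

        if hit("DENY"):
            return False
        return hit("PERMIT")


if __name__ == "__main__":
    acl = AccessList()
    acl.add("PERMIT", "192.168.5.0", "255.255.255.0")
    acl.add("DENY", "192.168.5.9")          # mask defaults to 255.255.255.255
    for host in ("192.168.5.3", "192.168.5.9", "192.168.6.1"):
        print(host, "PERMIT" if acl.permits(host) else "DENY")
```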

REMOVE ARP

Deletes an entry from an ARP table. Requires OPER privilege.

Each ARP table entry consists of an internet address paired with a physical address.

Note! You do not need to use this command under normal circumstances. ARP automatically maps internet addresses to physical addresses. Use this command in rare instances when a particular host does not support ARP.

Format

REMOVE ARP destination-ia

Synonym

SET NOARP destination-ia

Parameter

destination-ia

Internet address or host name of the ARP table entry.

Qualifier

/LINE=line

Line ID of the ARP table that contains the entry you want removed. If omitted, NETCU determines the ARP table on the basis of the internet address. You must use /LINE when the internet address is not a local network address.

Note! Unlike some software, if you try to remove entries that do not exist you will not receive an error message.

RELEASE DHCP

Forces the Dynamic Host Configuration Protocol (DHCP) server to act as if it heard a DHCP release message from a client. This command can be used for dynamically assigned IP addresses only. Requires SYSPRV or OPER privilege.

Note! The DHCP Protocol has no way to tell the client that the address is released, so this command must be used with caution.

Format

RELEASE DHCP ip-address

Synonym

REMOVE DHCP ip-address

Parameter

ip-address

The IP address of the lease to release.

Example

Releases the lease for IP address 192.168.5.220.

RELEASE DHCP 192.168.5.220

REMOVE EXPORT

NFS Server only.

Removes an entry from the EXPORT database so that you can remove access to an exported directory for a single host or a list of hosts. Requires write access to the TCPWARE:NFS_EXPORT.DAT file.

Note! The EXPORT database is dynamic. Any path that you remove from the database becomes invalid immediately. You do not need to restart the Server.

Format

REMOVE EXPORT "nfs-path"

Parameter

"nfs-path"

NFS-style pathname used to reference the exported directory. Typically expressed as a UNIX-style pathname. You must enclose the nfs-path in quotation marks (" ").

Qualifier

/HOST=(host[,host...])

Removes access to an nfs-path for a single host or a list of hosts. If omitted, NETCU removes nfs-path for all hosts.

Example

Removes a record from the EXPORT database so that NFS host ORCHID can no longer mount an OpenVMS directory on the /vax/records pathname.

REMOVE EXPORT "/vax/records" /HOST=ORCHID

REMOVE GROUP

NFS Client only.

Removes a group mapping from the GROUP database. Requires write access to the TCPWARE:NFS_GROUP.DAT file.

Note! The GROUP database is static. The RELOAD GROUP command puts changes into effect.

Format

REMOVE GROUP nfs-group [vms-identifier,...]

Parameters

nfs-group

NFS group number. If you specify nfs-group alone, NETCU removes the entire group from the database.

vms-identifier

OpenVMS rights identifier(s) or UIC(s) associated with the NFS group. If you specify one, NETCU removes only that identifier from the database; NETCU does not change the remaining entries for that group. See the ADD GROUP command for the valid format of vms-identifier entries.

Qualifier

/HOST=(server[,server...])

Server host(s) on which the group number is valid. Either host names or internet addresses are valid. This qualifier removes the GROUP entry for the specified host(s) only. Use the parentheses with multiple server specifications.

Example

Removes a record from the GROUP database so that you can no longer associate group number 15 with a group account on the client.

REMOVE GROUP 15

REMOVE KACL

Used by the Kerberos master administrator. Removes a Kerberos access control list (KACL) entry for access to the Kerberos database. This entry disallows a Kerberos administrator from adding, modifying, or showing a Kerberos user’s entry in the Kerberos database from a remote host.

This command can only be executed if the local host is configured as a Kerberos Server. Requires OPER or SYSPRV privilege and entry of the Kerberos master password.

Format

REMOVE KACL access-type admin-username instance [realm]

Enter Kerberos master password: master-password
Verifying, please re-enter: master-password

Parameters

access-type

Specify one of the following ACL types:

ACL Type   Description
--------   --------------------------------------------------------------------------
ADD        Removes the ability to add to the Kerberos database (ADD KERBEROS USER)
MODIFY     Removes the ability to modify the Kerberos database (MODIFY KERBEROS USER)
SHOW       Removes the ability to show the Kerberos database (SHOW KERBEROS USER)

admin-username

Kerberos administrator’s username. Converted to lowercase unless you enclose it in double quotes.

instance

Value should be admin since the username is for a Kerberos administration user.

realm

Alternate Kerberos realm to use instead of the one determined by the value of the logical TCPWARE_KERBV4_REALM. Converted to lowercase unless you enclose it in double quotes.

master-password

Kerberos password used to access the Kerberos database. Converted to lowercase unless you enclose it in double quotes.

Qualifier

/PROMPT (default)
/NOPROMPT

Specifies whether TCPware prompts you for the master password. /NOPROMPT reads the master password from the file created by the STASH MASTER_PASSWORD command.

Example

Removes the KACL entry that allows Kerberos administrator persephone within the HADES.COM realm to show entries in the Kerberos database.

REMOVE KACL SHOW PERSEPHONE ADMIN HADES.COM

Enter Kerberos master password:
Verifying, please re-enter:

REMOVE KDB

Used by the Kerberos master administrator. Removes an entry from the Kerberos database (KDB). This command can only be executed if the local host is configured as a Kerberos Server. Requires OPER or SYSPRV privilege and entry of the Kerberos master password.

Format

REMOVE KDB principal [instance]

Enter Kerberos master password: master-password
Verifying, please re-enter: master-password

Parameters

principal

Kerberos user’s login name, Kerberos administrator’s login name, or name of the Kerberos application service. You can enter * to remove all principals. Converted to lowercase unless you enclose it in double quotes.

instance

Usually omitted for a general Kerberos user; admin for an administrative user; or name of the machine on which the Kerberos application resides for an application service. You can enter * to remove all instances of the specified principal. Converted to lowercase unless you enclose it in double quotes.

master-password

Kerberos password used for access to the Kerberos database. Converted to lowercase unless you enclose it in double quotes.

Qualifiers

/KDBFILE=file

Name of the alternate KDB file. The default is TCPWARE:PRINCIPAL.OK.

/PROMPT (default)
/NOPROMPT

Specifies whether TCPware prompts you for the master password. /NOPROMPT reads the master password from the file created by the STASH MASTER_PASSWORD command.

Examples

1 Removes the Kerberos user entry, charon, from the database.

REMOVE KDB CHARON
Enter Kerberos master password:
Verifying, please re-enter:

2 Removes all instances of admin from the database.

REMOVE KDB * ADMIN
Enter Kerberos master password:
Verifying, please re-enter:

REMOVE MULTICAST_GROUP

Removes a multicast host group address from the table of joined addresses for the interface or all interfaces. Requires OPER privilege.

Once you remove a multicast address from an interface, applications can no longer receive datagrams sent to that address.

Multicast host group address entries have a reference count. This command decrements the reference count and, if zero, removes the address.

Note! TCPware does not issue an error message if you try to remove an address you never added.

Format

REMOVE MULTICAST_GROUP internet-address

Parameter

internet-address

Internet address or host name of the multicast host group address.

Qualifier

/LINE=line-ID

Line ID of the interface for which to remove the address. If omitted, TCPware removes the address from all active interfaces.

Example

Removes the all-routers multicast address (224.0.0.2) from the SVA-0 Ethernet interface.

REMOVE MULTICAST_GROUP 224.0.0.2 /LINE=SVA-0

REMOVE PROXY

NFS Client and Server.

Removes an entry from the PROXY datab